Systems and methods for differentiated identification for configuration and operation

ABSTRACT

A differentiated identification system facilitates dynamically differentially morphed access for one or more requesters. The system receives an access request including at least one differentiable voucher from a requester and assesses the type of the received access request by considering the access request, the differentiable voucher and one or more semblances. The system then dynamically differentially morphs an access to one or more service or data based on the assessment of the access request type, enabling the system to provide the requester with dynamically differentially morphed access to the one or more service or data.

CROSS REFERENCE TO RELATED APPLICATIONS

This is a Continuation Application and claims the benefit of U.S.application Ser. No. 16/000,832, filed on Jun. 5, 2018, of the sametitle, which claims priority to U.S. Provisional Application No.62/520,462 filed Jun. 15, 2017, of the same title, which applicationsare incorporated herein in their entirety by this reference.

BACKGROUND

The present invention relates to systems and methods for differentiatedidentification for configuration and operation.

Given the need to enable utilization of electronic computing devicesand/or computer facilitated services by authorized individuals and/orentities, and the need to prevent, control and/or alter utilization ofsuch devices and/or services by and/or under the influence ofunauthorized individuals and/or entities, a need exists fordifferentiated identification for configuration and operation ofelectronic computing devices and services.

The breach of huge databases exposing extremely sensitive consumer datato a world of bad actors has stripped away billions of dollars incorporate market value and made it woefully and painfully obvious toconsumers that the security of their personal data cannot be comfortablyentrusted solely to third parties who may have conflicting interests.Revelations such as Stuxnet, the Snowden NSA and 2017 CIA cyber-spyingleaks, the 2016 Hillary Clinton campaign hacks and the May 2017 hospitalransom-ware attacks have made consumers aware that the threat to theirdata privacy and security extends to nation state actors, multi-nationalcorporations and global crime syndicates in addition to pranksters,crooks, white-hat hackers and whistleblowers. Further, as 60% of smallcompanies suffering a cyber attack are out of business within sixmonths, this has become an existential threat to investors, employers,and employees worldwide.

Third parties—typically not consumers—control the storage, structure,protection, authentication and authorization of access to and use ofcomputer services and data—on both personal devices and remote servers.Even on nominally consumer-owned personal devices, the software on thosedevices is owned by third parties and often much of the data as well.Typically, a user must use the security mechanisms and the accesspolicies provided by the device manufacturer and/or a remote serviceprovider. It is nearly impossible for a user to alter, replace,strengthen or alter those security facilities outside of the bounds ofoften poorly documented menus of settings whose effects are often hiddenand which may change without notice. It is largely a poorly understoodtake-it-or leave it proposition.

Worse, today's secure access control mechanisms have acharacteristically binary operation. One either succeeds in beingauthenticated and gaining access or one fails to be authenticated, thusnot gaining access and instead typically notified of one's failure. Thisregime is extremely helpful for bad actors trying to gain illicitaccess. There is essentially no ambiguity or deception. Failure isquickly and clearly apparent, thus speeding processes of eliminationand/or deduction.

Regardless of how well computer systems are secured, they will continueto be breached. Perhaps the most certain reason for this is that licitusers are increasingly being coerced by powerful individuals orentities—for example by armed criminals or bullying bosses—to entertheir access credentials so that such individuals or entities can gainaccess to the user's computerized services and data. The true failing oftoday's systems is this: even though it is well understood that accesscontrol will be breached, the systems thusly exposed are not designed todynamically configure operation in a fashion that differentiateslegitimate access from successful (perhaps coerced) illicit access.

Now picture a contrasting example, a system that supports a plurality ofvalid (i.e., accepted) passwords for a given username. One validpassword when authenticated enables normal dynamically configuredoperation of the accessed computer system. However, another validpassword when authenticated enables an alternative dynamicallyconfigured operation of the accessed computer system. So, if that lattervalid password is provided to a prying boss, it provides seeming accessto the coerced user's computer services and data, but in fact providesaccess to a perhaps similar, but altered, substitute. The intruder issatisfied, but in fact fooled. Even if they are suspicious, they may behard pressed to be certain that they have been deceived.

It is therefore apparent that an urgent need exists for differentiatedidentification for configuration and operation of computing devices andservices. This improved system for securing computer services and dataenables protection via nuanced identification of illicit access coupledwith access to a deceptive substitution rather than utilizing absoluteaccess denial.

SUMMARY

To achieve the foregoing and in accordance with the present invention,systems and methods for facilitating dynamically differentially morphedaccess to a requester are provided.

The differentiated identification system is configured to receive anaccess request including at least one differentiable voucher from arequester and to assess the type of the received access request byconsidering the access request, the differentiable voucher and at leastone semblance. The system then dynamically differentially morphs anaccess to one or more service or data based on the assessment of theaccess request type, thereby providing the requester at least onedynamically differentially morphed access to the one or more service ordata.

In some embodiments, the system derives the least one semblance byconfirming verisimilitude of the least one differentiable voucher, andwherein the at least one differentiable voucher is selectable by therequester from a plurality of acceptable differentiable vouchers. Theplurality of acceptable differentiable vouchers can include amulti-username differentiable voucher, a multi-password differentiablevoucher, a multi-voucher differentiable voucher and/or acombined-voucher differentiable voucher.

Note that the various features of the present invention described abovemay be practiced alone or in combination. These and other features ofthe present invention will be described in more detail below in thedetailed description of the invention and in conjunction with thefollowing figures.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the present invention may be more clearly ascertained,some embodiments will now be described, by way of example, withreference to the accompanying drawings, in which:

FIG. 1 is an illustrative exemplary Ecosystem for DIFCO systems, inaccordance with the present invention;

FIG. 2 is a system diagram illustrating exemplary utilizations of DIFCOsystems in accordance with embodiment(s) of the DIFCO Ecosystem of FIG.1;

FIG. 3 is a flow diagram illustrating the functionality of an exemplaryembodiment of a DIFCO system within the DIFCO Ecosystem of FIG. 1;

FIG. 4 is a flow diagram further detailing the functionality of step 350of FIG. 3;

FIG. 5 is a flow diagram further detailing an exemplary variant offunctionality of step 350 of FIG. 3; and

FIG. 6 is an exemplary screen image detailing graphical user interfacesutilized by exemplary embodiments of a DIFCO system within the DIFCOEcosystem of FIG. 1.

DETAILED DESCRIPTION

The present invention will now be described in detail with reference toseveral embodiments thereof as illustrated in the accompanying drawings.In the following description, numerous specific details are set forth inorder to provide a thorough understanding of embodiments of the presentinvention. It will be apparent, however, to one skilled in the art, thatembodiments may be practiced without some or all of these specificdetails. In other instances, well known process steps and/or structureshave not been described in detail in order to not unnecessarily obscurethe present invention. The features and advantages of embodiments may bebetter understood with reference to the drawings and discussions thatfollow.

Aspects, features and advantages of exemplary embodiments of the presentinvention will become better understood with regard to the followingdescription in connection with the accompanying drawing(s). It should beapparent to those skilled in the art that the described embodiments ofthe present invention provided herein are illustrative only and notlimiting, having been presented by way of example only. All featuresdisclosed in this description may be replaced by alternative featuresserving the same or similar purpose, unless expressly stated otherwise.Therefore, numerous other embodiments of the modifications thereof arecontemplated as falling within the scope of the present invention asdefined herein and equivalents thereto. Hence, use of absolute and/orsequential terms, such as, for example, “always,” “will,” “will not,”“shall,” “shall not,” “must,” “must not,” “first,” “initially,” “next,”“subsequently,” “before,” “after,” “lastly,” and “finally,” are notmeant to limit the scope of the present invention as the embodimentsdisclosed herein are merely exemplary.

In the discussion that follows, particular attention may be placed uponvisual displays on a mobile communication device. However, it isimportant to note that embodiments of the present invention are intendedto operate with all manner of consumer electronic network terminaldevices including smart phones, computers, tablet computer systems,e-reader devices, and virtually any electronic device which includes WANaccess and a user interface. These embodiments are also capable ofoperating with a wide range of interface types, including anycombination of a visual display, tactile and audio output and a visual,tactile or acoustic user interface.

The present invention relates to systems and methods for differentiatedidentification for configuration and operation (DIFCO). This inventionpertains to utilization of at least one mechanism for authenticatinguser identification and/or user account identification as relates tooperation of a computerized system and/or device. Furthermore, thisinvention concerns dynamic configuring of such a computerized systemand/or device based upon and subsequent to a given outcome determination(from a plurality of potential outcomes) of user identification and/oruser account identification.

For brevity and consistency, the meanings of several terms usedthroughout this document are elucidated herein after. Such terms may beadditionally described, illustrated by use and/or defined in furtherdetail in other portions of this document.

The terms “computerized system”, “computer”, “computer system” and/or“computerized device” may refer to a system (e.g., device apparatus,mechanism, contrivance) devised or intended in part for automatedoperation composed of hardware (e.g., processor, memory, sensors andinput/output devices) and programmed instructions for operation (e.g.,software, firmware, microcode) as may be well known to someone skilledin the art, A computerized system may, for example, be a ‘smart device’such as a digital music player utilized perhaps in a stand-alone mode orconnected to a network of other computerized systems. A computerizedsystem may in some instances be a “virtual system”—for example, avirtual system might be an IBM 360 computer simulation hosted on a Linuxserver and devised to run legacy COBOL programs. A computerized systemmay be composed of one or more aggregated and/or interoperatingcomputerized systems. Such a composite computerized system may becentralized (e.g., multiple server blades in a single chassis) ordistributed (e.g., remote servers and mobile smart devicesinterconnected and interoperating via computer network(s))—again as maybe well known to someone skilled in the art. References to a ‘computer’or ‘computer system’ or ‘computerized system’ or ‘computerized device’may be taken to include components thereof including but not limited toservices, programs or data operating or stored therein.

The term “data” may refer to information that is input, stored,retrieved, modified, analyzed, output and otherwise manipulated and/orutilized by a computerized system as may be well understood by oneskilled in the art.

The terms “service”, as well as variant ‘service’ terms including“computer service”, “computerized service” and/or “system service” mayrefer to an action or set of actions directed by and/or conducted onbehalf of a given user (e.g., modifying data, displaying a screen image,moving a robotic arm, etc.) facilitated by a computer (typicallyutilizing hard logic and/or programmed logic control) as may be wellunderstood by one skilled in the art. Such computer facilitatedaction(s) may be largely virtual or may have more apparent real worldembodiment such as operation of a physical mechanism.

The term “user” may refer to a human (or to a computerized system) thatmay utilize (or interoperate with) a computerized system—e.g., a DIFCOsystem, or a service-providing-system (e.g., an email system) that isintegrated with a DIFCO system. Increasingly, a computerized system mayutilize or interoperate with another computerized system utilizing ahuman-intended user interface or utilizing a computer-to-computerinterface or utilizing both. In some instances, computerizedsystems—e.g., ‘bots’ and ‘avatars’—intentionally may simulate humans insuch computerized system utilizations as may be well understood by oneskilled in the art. Therefore, computerized systems, including suchhuman-simulating computerized systems, may also be users unless statedexplicitly otherwise.

The terms “user access request” and “access request” may refer to acomputer-apparent signal or encoded message—delivered for instance via astandardized access request protocol—asking for immediate responsiveaction and/or subsequent permissions relating to reading, modifying ordeleting data or selecting, managing, initiating, utilizing, altering orterminating service(s). In some instances, the term ‘user accessrequest’ or ‘access request’ may be used descriptively in reference to acorresponding user action resulting in such a computer-apparent signalor encoded message—as may be apparent in context.

The noun ‘access’ is defined by an on-line dictionary (Merriam-Webster)as: ‘permission, liberty, or pass to and from a place or approach orcommunicate with a person or thing’. The term “access” as well asderivative terms including “accessed”, “accessible”, “accessing”,“accesses” in relation to a computerized system, including the data andservice(s) thereof, refer to the permitted action of communicating withand operating such a computerized system—such communicating andoperating including, but not limited to: configuring and utilizingservice(s) and data as may be well understood by one skilled in the art.Such utilizing of data may include, but not be limited to; defining,reading, modifying, storing, write-protecting, read-protecting, sharing,combining, ordering, sorting, shuffling, randomizing, indexing,aggregating, analyzing, transforming, disaggregating, anonymizing,de-anonymizing, reformatting, compressing, decompressing, importing,relocating, exporting and deleting data—again as may be well understoodby one skilled in the art. The degree and nature of permittedcommunication with and operation of a given DIFCO system and/or a givenservice-providing-system integrated with a DIFCO system may vary betweenembodiments of such systems.

The term “licit” utilized as an adjective in relation to aspects of aDIFCO system (or of user identification/authentication systems ingeneral) may refer to a utilization that is authorized or legitimate. Sofor example, a legitimate/authorized user may be described as a “licituser” The term ‘licit’ may be used an adjective to describe or qualifyterms related to DIFCO system utilization—e.g., “licit access”, “licitaccess request”, “licit access voucher”, “licit owner”, “licitpassword/username combination”, “licit username”, “licit password”

The term “illicit” utilized as an adjective in relation to aspects of aDIFCO system (or of user identification/authentication systems ingeneral) may refer to a utilization that is not authorized orillegitimate. So for example, an illegitimate/unauthorized user may bedescribed as an “illicit user” The term ‘illicit’ may be used anadjective to describe or qualify terms related to DIFCO systemutilization—e.g., “illicit access”, “illicit access request”, “illicitaccess voucher”, “illicit owner”, “illicit password/usernamecombination”, “illicit username”, “illicit password”.

The term “normal” utilized as an adjective in relation to aspects of aDIFCO system (or of user identification/authentication systems ingeneral) may refer to that which is the “norm”—i.e., that which isintended and licit for use by a licit user. The term ‘normal’ may beused an adjective to describe or qualify terms related to DIFCO systemutilization—e.g., “normal service”, “normal data”, “normal use” and“normal operation”.

The terms “voucher” and “access voucher” may refer to a digitally (orotherwise) encoded artifact that individually or in combination withadditional voucher(s) may be received and utilized by a DIFCO system (orby other user identification/authentication system in general) touniquely ascertain the validity of such a voucher(s), the accountassociated with such a voucher(s) and corresponding access permissionsof a requester so as to deny or grant that requester access to someportion of services and/or some portion of data that may be availablefrom that computerized system. Examples of such an artifact includeusername/password combination, account ID/PIN combination, biometricmarker (e.g., finger print scan, retinal scan, facial scan, voice scan),encrypted token (e.g., from a credit card chip scan) and trustedthird-party provided identity endorsement.

The terms “account” and “user account” may be utilized interchangeablyin relation to a given computerized system such as a DIFCO system andmay refer to user-related information including permissions utilized tomonitor, control and perhaps configure a given requester's access toservice(s) and/or data operating or stored therein as may be wellunderstood by one skilled in the art. Additionally, they may relate to agiven stand-alone service(s) and data access provided by a computerizeddevice as well as to a given remotely-accessible (e.g., via theInternet) service(s).

The terms “account ID”, “user account ID”, “account identifier” and“user account identifier” utilized relative to a given access requestmay refer to an access voucher (or component thereof) associated withsuch an access request that uniquely corresponds directly to a specificuser's account as may be well understood by one skilled in the art. Insome embodiments, an ‘account ID’ may be communicated embedded in theassociated access request.

The terms “username”, “user name”, “user ID” and “user identifier”utilized relative to a given access request may refer to an accessvoucher (or component thereof) that may be utilized (e.g., inassociation with such an access request) as an account ID or a partialcomponent thereof, but may additionally be utilized to nominally (butnot necessarily reliably) identify a user requesting access as may bewell understood by one skilled in the art.

The terms “password”, “pass word”, “passcode” and “pass code” utilizedrelative to a given access request may refer to an access voucher (orcomponent thereof) that may be utilized (e.g., in association with suchan access request) as a mechanism to confirm that the requestor is alicit user as may be well understood by one skilled in the art.Typically, a ‘password’ is at least nominally secret and is utilized asa ‘shared secret’ between a licit user (or set of licit users) and agiven user identification/authentication system—again as may be wellunderstood by one skilled in the arts. To the extent that ‘alternativeidentifiers’ such as a personal identification number (PIN), biometricmarker (e.g., iris image) or other measurement value, code or token maybe utilized in a similar fashion to confirm that the requestor is alicit user, such alternative identifier may be utilized in place of orin addition to a ‘password’ as a component of an access voucher—yetagain as may be well understood by one skilled in the art.

The term “valid” as well as derivative terms including “validity”,“validate” and “validation” utilized in relation to an access voucher(and/or an associated access request) may refer to an access voucherthat may be determined by a DIFCO system to have a match within a set ofacceptable access voucher values—e.g., maintained by a DIFCO system assecure reference data. In some embodiments, a DIFCO system mayintentionally allow access not only to a licit user, but also to anillicit user, and therefore the illicit user's corresponding illicitaccess voucher may be determined to be valid so as to allow suchintended access. In instances of a given valid access voucher beingcomposed of a plurality of components (e.g., username and password),each such component may be termed ‘valid’ as part of the whole validaccess voucher—e.g., valid username and valid password as parts of avalid username/password combination comprising a valid access voucher.Additionally, if the associated access voucher of a given access requestis validated, then that access request may also be said to be‘validated’—i.e., the ‘validation’ of a given access request resultsfrom the validation of its associated access voucher. The term“confirming verisimilitude” is synonymous and interchangeable with theterms ‘validating’ and ‘validation’.

In some embodiments of a DIFCO system, an access voucher may be composedof components that may be received individually utilizing mechanismsintended for the acquisition of access vouchers such that thosecomponents seem nominally to be access vouchers themselves. However, forthe purposes of validation, a DIFCO system may combine such componentsso as to derive a single “combined access voucher” which may then bevalidated.

The term “access-validated” in relation to a DIFCO system (or other useridentification/authentication system) may refer to a given user whoseaccess voucher associated with an access request by (or proxied for)that user has been validated. Such an access voucher may be said to bean “access-validating” access voucher.

The term “assess” as well as derivative terms including “assessed”,“assessing” and “assessment” may refer to the process of analyzing anaccess request and associated access voucher and corresponding accountinformation (if any) so as to determine the type of the access requestmade by that user. In the process of assessment, prior to determiningthe type of the access request, a DIFCO system may further consider anaccess request—for example, utilizing one or more semblances to considerthe source of the access request and associated access voucher (saybased on source IP address and perhaps infer the intent of thecorresponding requesting user. Such additional consideration of anaccess request may affect the outcome of the determination of the typeof the access request. By way of analogy, a liquor store clerk mayassess a young man's request to buy a six pack of beer—determining bythe format, holographic seals and expiration date of the presenteddriver's license that it is valid; judging by the license's date ofbirth representation that the licensed driver is of legal drinking age,but judging by looking at the buyer that he is seemingly underage andnot the person pictured on the license, therefore, intending tomasquerade as the licensed driver so as to falsely appropriate thelicensed driver's licit right to buy beer.

The term “deem” utilized in relation to an access request may refer tothe result of the assessment of that access request wherein that accessrequest is determined (i.e., “deemed”) to be of a specific assessedaccess request type; and the act of such determining is “deeming”.

The term “semblance” utilized in relation to a given user's accessrequest may refer to recorded and/or communicated data conveying anintentional or inadvertent user signal or other information useful inaffecting, qualifying, augmenting or modulating the assessment of theuser's corresponding access request as well as any inference of theidentity and/or intent of the user requesting the access. One ormultiple semblances may be utilized in the assessment of an accessrequest.

The term “distinguishingly” when utilized in relation to a plurality ofaccess vouchers may refer to a signal decoded or otherwise inferredindividually from each such access voucher and utilized as a semblancethat may differ between such access vouchers and therefore mayfacilitate a DIFCO system to distinguish such access vouchers from eachother.

The term “out-of-band” utilized in relation to a given communication mayrefer to a communication utilizing a separate channel, medium and/orservice to communicate than another communication as may be wellunderstood by one skilled in the art. The term “in-band” utilized inrelation to a given communication may refer to a communication utilizingthe same channel, medium and/or service to communicate as the givencommunication as also may be well understood by one skilled in the art.

The terms “configuring” and “configuration” utilized in relation to acomputerized system integrated with a DIFCO system may refer toarrangement and/or alteration of the physical and/or logicalorganization and/or operation of that computerized system and componentsthereof—including but not limited to services, programs or dataoperating or stored therein as well as access thereto—as may be wellunderstood by one skilled in the art. The term “morph” may be usedinterchangeably as a synonym for the term ‘configure’. The term“morphed” may be used interchangeably as a synonym for the term‘configured’. The term “morphing” may be used interchangeably as asynonym for the terms ‘configuring’ and ‘configuration’.

The terms “differential”, “differentially” and “differentiated” utilizedin relation to a configuring or a configuration of a computerized system(including but not limited to services and data therein and access tosuch services and data) may refer to specific configuring of such acomputerized system resulting from the assessment of a given user accessrequest by a DIFCO system integrated with that computerized system—thatassessment being facilitated by one or more semblances.

The terms “requester” and “requesting user” utilized in relation to aDIFCO system refers to a user (licit or illicit) making an accessrequest to a DIFCO system (or to an illicit user coercing a licit userto make such an access request), and subsequent to that access requestbeing assessed, such a user that may utilize the correspondingdifferentiated service(s) and/or data.

The term “assessment result type” utilized in relation to a givenassessment of an access request may refer to the assessment, to theassessed access request, and/or to the dynamically differentiallyconfigured access (if any) pursuant to that assessment. The terms“access request type” and “type of access request” referring to a givenaccess request, subsequent to assessment of that access request, areinterchangeable with the term ‘assessment result type’.

The terms “dynamic” and “dynamically” utilized in relation to phrasesthat may include the terms ‘differentially’ or‘differentiated’—including, but not limited to ‘differentiallyconfigured’, ‘differentiated configuration’, ‘differentiated access’,‘differentiated service(s)’—refer to a configuration process that isactively performed subsequent to an assessment that results in both thedifferentiation and the configuration. Such dynamic configuration may,for example, allow a DIFCO system to be highly adaptable and responsiveto security threats based on signals from users, from external sourcesand/or deduced from observed events.

The user-apparent logical construct termed “role”, “user role” and/or“specie” utilized in relation to a user—that user being from a set oftwo or more users with valid access to a given account (i.e., each witha differing differentiable voucher)—may refer to user-apparent accessprivileges and/or permissions which in effect result from that user'sdifferentiable voucher, requested access and/or additional assessedsemblances. For example, two users may have licit access to a givenaccount's service(s) and/or data, but each user's access to suchservice(s) and/or data may be dynamically differentially configuredseparately. So, in effect, each access-validated user's dynamicallydifferentially configured access corresponds individually to that user's‘role’.

To facilitate the discussion of some embodiments of the presentinvention, exemplary labeling of a given assessment result type may beutilized. Such exemplary labels may include, but not be limited to:“okay” (i.e., assessed to be licit), “risk” (i.e., assessed to beillicit), “error” (i.e., assessed to be defective) and “system menacing”(i.e., assessed to be part of an attack against a DIFCO system). So forexample: an ‘okay’ access request assessment may result from alegitimate access request from a licit user; a ‘risk’ access requestassessment may result from a forced, impersonated, unauthorized,illegitimate or malicious access request from an illicit user (or from alicit user coerced by such an illicit user); an ‘error’ access requestassessment may result from an access voucher that may have beenmis-entered or poorly remembered (or some other defect in the accessvoucher); and a ‘system-menacing’ access request assessment may resultfrom an access request resembling or duplicating or perhaps justarriving concurrently with other requests utilized in an on-going denialof service (DOS) attack as may be well understood by one skilled in theart.

Furthermore, the above assessment result type labels (i.e., ‘okay’,‘risk’, ‘error’ and ‘system-menacing’) are intended to be illustrativeonly—so as to facilitate easily understood examples ofassessment—utilizing commonly occurring instances of securitychallenges. The types of, as well as the meaning of, significance of,and total number of types of assessment results may be different thanthe above exemplary four types depending on the embodiment. For example,a requester's ‘role’ conveyed in a semblance may affect an assessmentresulting in a unique assessment result type. So further by example,each of say ten different roles within a given account might have itsown corresponding unique assessment result type (and correspondingunique access voucher(s)).

The term “differentiable voucher” utilized in relation to a valid accessvoucher may refer to the uniqueness of that access voucher for a givenaccount such that that access voucher may correspond uniquely to aspecific assessed type of access or ‘role’ for that account andfurthermore assessment of that type of access or ‘role’ may result ingranting dynamically differentially configured access for thecorresponding access request associated with the ‘differentiablevoucher’.

The verb ‘accept’ is defined by an on-line dictionary (the FreeDictionary by Farlex) as: ‘admit as sufficient, accede to, admit assatisfactory, agree to allow, comply, confirm’. The terms “accept” aswell as derivative terms including “accepted” and “acceptable” utilizedin relation to an access voucher or a component thereof (e.g., password,PIN, biometric ID, etc.) and a corresponding access request may refer toa DIFCO system confirming such an access voucher as ‘valid’ andadmitting the corresponding access request for assessment and subsequentdynamic differentiated configured access.

The noun terms “means” and “mechanism” utilized in relation to thepresent invention may as synonyms interchangeably refer to an enablingor facilitating technique as may be well understood by one skilled inthe art.

This invention discloses systems and methods for dynamicallydifferentially configuring computerized systems facilitated byenhancements and/or extensions to the structure of and/or the meaningassociated with access vouchers so as to better protect suchcomputerized systems (including services, programs and data therein).Such enhancements/extensions to a given access voucher mechanism may forexample be utilized as means of facilitating enhanced useridentification, user account selection, user rights management (e.g.,privileges and permissions), enhanced security, and/or operationalconvenience. Furthermore, where possible such enhancements/extensionsmay be embodied so as to avoid or minimize altering the format of accessvouchers and corresponding input mechanisms utilized by DIFCO-upgradedlegacy systems.

To facilitate discussion, FIG. 1 shows one embodiment of a DIFCOEcosystem 100, in accordance with the present invention. FIG. 1 may beuseful in illustrating systems and methods for dynamicallydifferentially configuring and operating computerized systems—localand/or remote—for one or more computerized systems users (not shown)over wide area network(s) 140 (WANs) via any of a wide assortment ofelectronic network terminal devices, e.g., Accessing Communicators 111,112, 113, 114, . . . 119. Such Accessing Communicators may be utilizedto request and potentially receive access to services and/or data fromDifferentiating Server(s) 160. Additionally, in some embodiments,optional Access Control Proxy Server(s) 170 may supply semblance(s)and/or proxied access request(s) to Differentiating Server(s) 160 so asto potentially facilitate the assessment of a given user's accessrequest.

Accessing Communicators 111-119 represent the multiplicity of devicesthat may potentially support access to remote services and/or data onother system components of DIFCO ecosystem 100. Additionally, AccessingCommunicators 111-119 may potentially directly provide services (e.g.,via embedded application programs). Often these communicating computingdevices may be mobile devices—i.e., devices that can be carried easilyfrom place to place by an accessing user or a peer user—typically withWi-Fi or cellular data or other wireless connectivity and in numerousinstances with built-in mobile telephone capability. However, portableor fixed installation terminals may also support utilization of DIFCOsystem services within a DIFCO ecosystem 100. Standalone devices orsystems that may operate with zero, limited or intermittent networkconnectivity—for example, a medical X-ray machine (not shown)—may alsoembody and/or support utilization of DIFCO system services within aDIFCO ecosystem 100.

In the process of describing various exemplary embodiments, particularattention may be placed upon visual displays on mobile communicationdevices such as smart phone 112 or laptop computer 114. However,embodiment of the present invention may be accomplished with manyalternate embodiments of Accessing Communicators including, but notlimited to: smart watches 111, tablet computer systems 113, desktopcomputers 119, e-reader devices (not shown), automatic teller machines(not shown), point of sale terminals (not shown), sensor devices (notshown), body-implanted personal electronics (not shown), and virtuallyany other electronic devices (not shown) that include or supportnetworking capability and/or a user interface.

A DIFCO system may be implemented with a wide range of user interface(UI) types, including any combination of a visual display, tactile andaudio output and a visual, tactile or acoustic and/or neural connecteduser interface. In some embodiments, an Accessing Communicator 111-119may have a user interface as simple as an on/off switch or perhaps apower plug that when plugged into a power source causes such anAccessing Communicator to operate. So, for example, an AccessingCommunicator 111-119 may be a home security component such as a networkconnected video surveillance camera or other sensor.

Although the Internet is a well-known convenient example of a WAN 140for communication between accessing users and remote servers (and/orpeer users), a DIFCO system may also utilize equivalent communicationover other WAN(s) 140 using services such as, but not limited to:Virtual Private Network (VPN), leased line network, Public SwitchedTelephone Network (PSTN), cable network, Voice over Internet Protocol(VoIP), Skype, WhatsApp, Facebook, SnapChat, Twitter and other servicesthat provide or facilitate computer services between remote computingsystems.

In some embodiments, a DIFCO system may have numerous potentialinstantiations and/or implementations corresponding to, and consistentwith, typical computer interoperation architectures such as standalone,client-server and peer-to-peer architectures as may be well understoodby one skilled in the art. Therefore, a DIFCO system may utilize aunitary-system architecture, or perhaps a distributed systemsarchitecture that may have DIFCO system facilities and capabilitieslocated in and operating with two or more computerized systems—again asmay be well understood by one skilled in the art. Many embodiments of aDIFCO system may be suited to operate and/or interoperate successfullywithin a given computer interoperation architecture or combinations orhybrids or agglomerations of such architectures. Furthermore, a DIFCOsystem may facilitate peer-to-peer communication between computerizedsystems, between humans and computerized systems and between humans. Asan example of the latter, a DIFCO system may provide an automated userauthentication at the front end of a call to a stock brokerage as asecurity preface to connecting the human caller (i.e., user) with ahuman customer service representative (i.e., peer).

In many embodiments, a DIFCO system may be integrated or otherwiseinterworked with a service-providing-system—for example, with aweb-based email system such as Gmail (not shown) or a standalone systemsuch as a Gameboy (not shown). Such a DIFCO system may be so integratedso as to facilitate and enhance controlling access to and/or utilizationof that service-providing-system. For example, a DIFCO system may beintegrated as a security upgrade to a previouslynon-DIFCO-service-providing-system, so as to dynamically differentiallyconfigure and operate that service-providing-system in one of aplurality of dynamic configurations differentiated by the assessment ofthe type of a given access request to that system. The physicalembodiment of such an integration may for example reside in aDifferentiating Server(s) 160.

Additionally, a DIFCO system may integrate with a givenservice-providing-system using dynamic linking/execution mechanismsand/or virtual machine/interpreter facilities such that a DIFCO systemmay be dynamically integrated utilizing mechanisms such as DLLs, webbrowser plug-ins, Java, JavaScript as may be well understood by oneskilled in the art.

Optionally, in some embodiments, facilities of a DIFCO system may bedistributed between two or more devices and/or systems—for examplebetween an access control proxy server 170 and one or moredifferentiating server(s) 160. Further by example, such an accesscontrol proxy server 170 may provide centralized security control andmanagement to consumers. Given that such an access control proxy server170 may interoperate with multiple differentiating server(s) 160operated by different service providers—e.g., Facebook and Google—insome embodiments such an access control proxy server 170 may be operatedby a third party independent of such interoperating service providers.

Such distributed facilities of a DIFCO system instantiated in part in anaccess control proxy server 170, may for example facilitate accesscontrol for a given consumer to a multiplicity of services wherein theconsumer rather than an individual service provider would have controlof management, operation and reporting of such a critical securityfacility—thusly enabling the consumer to obtain more consistent,thorough and accountable security across multiple accessed services.Within such a distributed security architecture, the access controlproxy server 170 may need to interoperate with the various individualservices on differentiating server(s) 160 and ideally such services mayforward user/account-specific access requests to such an access controlproxy server 170 for consistent effective access control. Additionally,secure trusted signaling between the access control proxy server 170 anda given differentiating server 160 may for example be utilized tocommunicate to that differentiating server 160 the access controldetermination made by the access control proxy server 170. Andfurthermore, the differentiating server 160 may facilitate dynamicdifferentiated configuring and operation based on that communicatedassessment of the access request type.

In some embodiments, a DIFCO system may exchange information with acommunication intermediary—perhaps a device, a system or a serviceprovider—so as to obtain information relating to a given access requestthat may be utilized as a semblance in assessing that access request. Sofor example, a DIFCO system may obtain information from the serviceprovider (not shown) of WAN 140 regarding the source of the accessrequest. Such information may for example alert the DIFCO system thatthe access request may have been ‘anonymized’ by a TOR relay or Onionserver/router as may be well understood by one skilled in the art.

To better understand the scope and breadth of utilization of amultiplicity of DIFCO systems, imagine the myriad diverse and ubiquitousdaily uses of password access control regimes and other accessauthentication mechanisms between users and computerized systems as wellas between computerized systems. Now envision each (or perhaps all) ofsuch mechanisms replaced or otherwise augmented by DIFCO systems.

Referring to FIG. 2, exemplary instances of utilizations of DIFCOsystems are illustrated. Let's suppose exemplary user Alice Johnson (notshown) may operate a mobile device system 210 (say of the smart phone112 type) to access a centralized security service system 230 (hosted ona server of the Access Control Proxy Server 170 type) as well as toaccess several web-based service systems 240 and 250 (hosted on serversof the Differentiating Servers 160 type). In doing so, Alice may utilizemultiple instances and embodiments of DIFCO systems—as may beillustrated by the exemplary instances depicted in FIG. 2 and describedbelow.

Instance 1: Alice may utilize DIFCO System A integrated with mobiledevice 210 to gain password controlled dynamically differentiallyconfigured access to the operating features of that device including webbrowsing and embedded application programs as well as dynamicallydifferentially configured access to data such as photographs stored inthe mobile device.

Instance 2: Alice may utilize DIFCO System B integrated with Wi-Firouter device 220 to gain password controlled dynamically differentiallyconfigured access to internet communication services and via theinternet (i.e., WAN(s) 140) potential access to several remotesystems—230, 240 and 250.

Instance 3: Alice may utilize DIFCO System C integrated with centralizedsecurity service 230. For example, she may utilize such a DIFCOintegrated security service 230 as a centralized secure repository fornumerous passwords and perhaps other secret or sensitive information.Additionally, Alice may utilize DIFCO System C to log-in to otherservices on her behalf (at her direction) and to correspondinglyre-direct or forward communication between her browser and any systemthusly logged into. In this way, for example, Alice may utilize aplethora of passwords so as to avoid predictability and yet not beburdened to memorize them. Alternatively, or in addition, DIFCO System Cmay serve as a proxy for other remote systems—e.g., 240 and 250—byhandling log-in authentication for them (perhaps facilitated by tokenssuch that those remote systems avoid storing sensitive securityinformation such as passwords as may be well understood by one skilledin the art). DIFCO System C may additionally provide varied services fora remote system (in addition to those services provided to users such asAlice). System C may, for example, provide semblance(s) that may supportthe log-in process for dynamically differentially configured access to aservice on a remote system. Additionally, communication between Aliceand DIFCO System C as well as relayed communication between DIFCO SystemC and DIFCO System D (or DIFCO System C and DIFCO System E) may befurther secured by use of virtual private networks to tunnel theinternet as may be well understood by one skilled in the art.

Instance 4: Alice may utilize DIFCO System D—facilitated by proxy log-inand relay from DIFCO System C as discussed above—to gain dynamicallydifferentially configured access to the service-providing-system for webemail integrated with DIFCO System D 240. In this instance, DIFCO SystemC may provide an encrypted token (serving as an access voucher) to DIFCOSystem D causing DIFCO System D to grant Alice licit dynamicallydifferentially configured access without System D directly conducting alog-in dialog with her. In other words, DIFCO System C may conduct thatlog-in dialog and relay the result as a proxy for DIFCO System D as maybe well understood by one skilled in the art.

Instance 5: Alice may utilize DIFCO System E augmented by signaling fromDIFCO System C—to gain dynamically differentially configured access toDIFCO System E and its integrated service-providing-system for photosharing 250. In this instance, DIFCO System C may relay an encryptedendorsement to DIFCO System E as a semblance strengthening thelegitimacy of Alice's access request to DIFCO System E. DIFCO System Emay conduct a log-in dialog with Alice, but additionally use theexternally-sourced encrypted endorsement as a semblance that Alice'saccess request is a licit one. In some embodiments of a DIFCO system,such an additional semblance originated from an external source may berequired to assess an access request.

These are just some exemplary instances of varying utilizations ofmultiple co-existing and/or interoperating DIFCO Systems within a DIFCOEcosystem 100. Many other embodiments are possible. Furthermore, DIFCOsystems may be embodied, arranged and organized in a myriad of waysincluding stand-alone and/or a collection, combination, aggregation,hierarchy or network of DIFCO systems.

A typical voucher system commonly may utilize username and passwordcomponents, joining a public username component with a private passwordcomponent (or equivalent personal identification number (PIN)), thecombined pair comprising a voucher associated with a single user,account, or user role. In use, presentation of the uniquevoucher—comprised of username and its paired password—identifies a user(and typically a corresponding account).

The present invention removes the uniqueness constraint from the aboveand other access voucher systems by associating, individually or in anycombination, multiple differing access vouchers with a single user,account, or user role to enable a given user to select from amultiplicity of access vouchers as a mechanism for differentially anddynamically configuring accessed computerized systems (includingservices and/or data therein). Such multiple differing access vouchersmay utilize multiple differing usernames, multiple differing passwords(or cryptographic key sequence alternatives, biometric fingerprintchoices, etc.) per username, or multiple differing access vouchersystems (e.g., username and password, key card, biometrics, etc.).

In some embodiments, a primary utilization of a DIFCO system is todifferentiate between licit access requests and illicit access requestsfor a given account, and furthermore, to satisfy both types of accessrequests, but in a differentiated fashion, so as to prevent illicitaccess requests from gaining access to some portion of licitly-accessedservices and/or data and to potentially enable illicit access requeststo have access to services and/or data other than that accessed by alicit user. However, in more general utilizations, a DIFCO system mayadditionally facilitate access requests for a larger set ofdifferentiated types of dynamically differentially configuredaccess—i.e., ‘roles’—greater than just the two mentioned above (i.e.,licit and illicit) for a given account. Such facilitation of from two upto N differentiated roles (where N is a whole number equal to or greaterthan two), may provide a highly flexible means to provide securedynamically differentially configured access to a plurality of users(perhaps a very large plurality of users). A set of roles for a givenaccount facilitated by a DIFCO system may include licit uses, illicituses or a mixture of both licit and illicit uses. In some embodiments,the user-apparent characteristics of a given role may be arbitrary aslong as the DIFCO system can differentiate that role from other rolesbased on the differentiable voucher (or vouchers) uniquely associatedwith that role. Furthermore, roles may be account specific, such thatthe user-apparent characteristics of roles for one account may bedifferent than those utilized for another account. For example, oneaccount may have two roles—one for a licit user (‘okay’ role) and onefor an illicit user (‘risk’ role). Whereas, in contrast, another accountmay have roles corresponding to licit users with varying accessrequirements—say for example, users Alice Johnson and her family membersusing social networking. The roles in such an exemplary Johnson familyaccount include: ‘Mom’, ‘Dad’, ‘Granny’, ‘Gramps’, ‘Little Brother’ and‘Auntie Mary’. Furthermore, such an exemplary account might includeroles for illicit users as well—say: ‘snoopy boss Ned’, ‘ex-boyfriendBilly’, ‘BFF-not Judy’, and ‘guy peeping over my shoulder at Starbucks’.

Furthermore, in some embodiments of the present invention, the presenceor absence of one or more semblances—individually or in combinations—maybe utilized to certify, supplement, weight, tune, temporize, modify orotherwise affect the assessment of an access request. The lack of anobserved semblance, i.e. a non-present semblance or no semblances atall, may in some embodiments be recognized, captured and conveyed by aDIFCO system creating a semblance signifying the observed lack ofsemblance(s), wherein that thusly signifying semblance may then affectthe assessment of a given access request. This is an important semblancecapability in that, for example, the lack of a prior known behavior of auser may be indicative of or signify a potential security threat. Insome embodiments, a DIFCO system may create such semblance(s) just priorto or as part of the assessment of an access request.

Although artificial intelligence has made great progress, humanintelligence may still in many ways be superior. Consequently, in someembodiments, a DIFCO system may share semblance(s) with a given humanuser. So, for example, upon log-in a DIFCO system might display to auser the following message: ‘Suspected log-in hacking attempt on May 20,2017 at 7:30 PM—did you attempt to log-in then?’. Additionally, a givenuser may provide semblance(s) to a DIFCO system—for example by replyingto a DIFCO system query such as in the preceding sentence or providingan unsolicited report. In some embodiments, a DIFCO system may providesemblance(s) to a human user out-of-band—e.g., sending a security alertvia text message.

Additionally, in some embodiments, DIFCO systems (as well as othercomputerized systems) may share semblances. Such sharing may, forexample, facilitate a larger scoped awareness of the quantity, quality,source and timing of potential hacking attempts against a plurality ofsuch semblance sharing systems such that pattern(s) may be deduced.Additionally, a DIFCO system may report semblances to authoritativeindividuals such as IT professionals to facilitate analysis by humanintelligence of potential security threats. Additionally, DIFCO systemsmay acquire semblances from such authoritative individuals.

In some embodiments, sharing of semblances between DIFCO system(s) andhuman user(s) (or between DIFCO systems) may be facilitated by an AccessControl Proxy Server 170—perhaps a centralized security service system230. Additionally, such sharing may be facilitated between humanusers—perhaps via on-line user forums—such that human intelligence ofsecurity threats may be shared and corresponding semblances created andshared with DIFCO system(s).

A different sort of sharing—i.e., via social networking—has hugelycomplicated securing computerized systems, services and data. Socialnetworking enables humans to carelessly and inadvertently share largeamounts of personal and/or sensitive information with persons andcomputer systems world-wide—some that may be bad actors. Ownership andsecuring of such shared information may largely be under the control ofsocial network corporations such as Google, Facebook, Weibo, Snapchatand Twitter. Often such sharing is proscribed in limited ways by complexand shifting policies again controlled largely by social networkcorporations. Additionally, a huge market exists for resellingaggregated and cross-correlated personal and sensitive information—notjust from social networks, but also from other organizations with accessto such information—e.g., Target, Amazon, Visa, Experian, as well asnumerous government agencies.

Unfortunately, social networks share—sometimes intentionally—thesensitive information of third parties exposed by social networkusers—sometimes euphemistically referred to as friends or friends offriends. So for example, an employee may share derogatory informationabout their employer. Or perhaps, a malicious individual exposesexplicit pictures or writings of a former lover—a practice known as‘revenge porn’. Such behavior has opened the door for persons inpositions of power such as law enforcement and employers to compel orcoerce users to divulge their social network account login accessvouchers so that such powerful persons may rummage around in thosethusly compromised accounts. This is a growing and insidious problem inthat such compromises bypass the current generation of computer securitymechanisms.

In some embodiments, a DIFCO system may acquire semblances from socialnetworking systems so as to convey information regarding the sharing ofa given user's personal/sensitive information. Such acquisition may befrom a social networking system with which the DIFCO system isintegrated or from an external social networking system.

FIG. 3 is a flow diagram illustrating the functionality of someembodiments of a DIFCO system within the DIFCO Ecosystem 100 of FIG. 1.

Referring to step 310 in some embodiments, an exemplary DIFCO system mayreceive an access request. An at least one access voucher may beassociated with the access request.

Referring to step 330, in some embodiments, the DIFCO system mayvalidate the access voucher (or access voucher(s)) associated with theaccess request. In this example, one may assume that one access voucheris utilized. In some embodiments of a DIFCO system a plurality of accessvouchers may be associated with a given access request as may bediscussed subsequently in this specification.

In some embodiments, a DIFCO system may exchange information with aseparate access voucher authority in order to validate a given accessvoucher associated with an access request. For example, an accessrequest may utilize credit card chip information as an access voucherwhich may include a token that is intentionally unintelligible to aDIFCO system. Therefore, the DIFCO system may relay such a token to athird-party credit card processing system (perhaps along with DIFCOsystem provided user information) and receive back information (perhapsuser identifying information and/or a signal of successful orunsuccessful validation of the access voucher) from that credit cardprocessing system to be utilized by the DIFCO system to completevalidation of the access voucher—as may be well understood by oneskilled in the art.

In some embodiments, a DIFCO system may validate the access voucher bycomparing it against a set of unique access voucher values—utilizing oneor more of many techniques—where each such access voucher value maycorrespond to a given account as may be well understood by one skilledin the art. In some embodiments, such a comparison process may utilize acomponent of the access voucher such as a username or account ID againas may be well understood by one skilled in the art. The result of sucha comparison, if a match is not found, is that the access voucher isthusly verified to be ‘invalid’. Conversely, the result of such acomparison, if a match is found, is that the access voucher is thuslyverified to be ‘valid’ and an account uniquely corresponding to theaccess voucher is determined. Such a validation process and validationresult is common in many user identification/authentication systems,

However, the validation process of a DIFCO system differs in that anadditional result may be derived from the validation process—i.e., thedetermination of the type of access requested. For example, such arequested type of access may be a ‘role’ specific to the determinedaccount associated with the access voucher value. Such an additionalresult may be produced in that the set of voucher values utilized forsuch a comparison above may contain at least two unique voucher valuescorresponding to a given account, whereby each of those voucher valuesmay correspond to a different type of access request (e.g., ‘role’)within that given account. In some embodiments of a DIFCO system, thethusly derived validation result(s) may be conveyed in semblance(s) soas to be utilized in the assessment of the corresponding access request.

Additionally, as the result of such a DIFCO system validation process,either the access voucher is matched and thereby verified to be ‘valid’and a corresponding account and role within that account may bedetermined—or, the access voucher is not matched and is thereby verifiedto be ‘invalid’. The validation results—i.e., ‘valid’ or ‘invalid’ aswell as the corresponding account and role information may be conveyedin one or more semblances associated with the access request.

Furthermore, in some embodiments, additional semblance(s) may beassociated with the account corresponding to a verified valid accessvoucher and its associated access request. Such semblance(s) mightconvey information such as a ‘date/time stamp’ for the access request, asource IP address, and other related details. Such semblance(s) may besubsequently utilized to assess the just validated access request and/orsubsequent access requests verified by the validation process for thesame account.

Referring to step 340, in some embodiments, the DIFCO system may assessthe access request so as to determine the type of the access. Such anassessment may be facilitated by one or more semblances (such as thesemblance(s) resulting from the account voucher validation process atstep 330 above as well as perhaps other semblance(s) conveyingpreviously observed user and account history and/or remotely sourcedsemblance(s)). The result of such assessment may be the deeming of thetype of the access request—e.g., corresponding to the associated role,the nature of the access (e.g., licit or illicit), or perhaps anothertype of access request such as ‘error’ or ‘system-menacing’.

It should be noted that in some embodiments of a DIFCO system,assessment may be viewed as a sort of ‘double checking’ or refinement ofthe validation process (of step 330) result wherein one or moresemblances may be utilized to perhaps amend the result of the validationprocess for a given access request. So for example, such a semblance mayindicate that the source of the access request was a TOR serverfrequently utilized for ‘anonymization’ by hackers. Therefore, the DIFCOsystem may assign a different account-specific role (or other type ofaccess request) to the assessed access request.

Referring to step 350, in some embodiments, the DIFCO system may grantor deny the access request based on the assessed type of that accessrequest. If granted, such access may be dynamically differentiallyconfigured such that access may be provided to an at least onedifferentiated service and/or differentiated data as is furtherillustrated in FIG. 4.

It should be noted that such differential configuration is performeddynamically, subsequent to and as the result of the assessment of theaccess request. Given the ever-changing and expanding nature of moderncomputerized services and data—e.g., Facebook, SnapChat, etc.—thealternative, an old-fashioned selection of static pre-configured access,is inadequate to keep up with constantly evolving security needs.

In some embodiments, dynamic differential configuration providingdifferentiated access to service(s) and/or data may be temporary andspecific to a given validated access request—e.g., lasting until therequested access is completed or otherwise terminated, but lasting nofurther. In other embodiments, such dynamic differential configurationmay persist for multiple access requests (corresponding to one givenaccount). Such a “persistent dynamic differential configuration”, mayfor example persist until some concluding semblance or other occurrenceis detected by the DIFCO system. Similarly, a given semblance may betemporary or persist for multiple access requests—i.e., a “persistentsemblance”. Furthermore, a persistent dynamic differential configurationmay be facilitated in persisting by one or more persistent semblance(s).

Referring to FIG. 4 at step 410, in some embodiments, the DIFCO systemmay determine if the type of access request assessed may be‘system-menacing’. If so the DIFCO system may deny access—skipping alladditional steps of FIG. 4—and proceed to DONE.

It should be noted that a ‘system-menacing’ access request may arrivewithin a highly concentrated sequence of access requests that mayconstitute a DOS attack (or perhaps just a worst-burst traffic load).Such a DOS attack may in some instances be best defended against bydropping some or all access requests that seem to be intended tooverwhelm the processing capability of a DIFCO system. In order to avoidbeing thusly overwhelmed, a DIFCO system that is seemingly under attackmay shed some or perhaps all access requests with little or novalidation or assessment of such access requests until such time thatthe volume of access requests (and other concurrent packet traffic)declines to a manageable point. In many embodiments, an access requestassessed to be a ‘system-menacing’ access request may be discardedwithout any provided service. In some embodiments, an active defense maybe attempted wherein an upstream router or switch may be signaled so asto attempt to staunch the stream of access requests resulting from sucha DOS attack.

In some embodiments, a DIFCO system may discard access requests withlittle or no validation or assessment—for example because a DOS attack(or worst-burst traffic load) may be underway (as described previouslyabove). For example, in some embodiments of a DIFCO system, some accessrequests such as ‘error’ and potential ‘system-menacing’ access requestsmay be discarded, blocked, denied or otherwise prevented from gainingany dynamic differentiated access to the requested service and/or dataas a direct or indirect consequence of a concurrent DOS attack.

Referring to step 420, in some embodiments, the DIFCO system maydetermine if the type of access request assessed may be ‘error’. If theaccess request is assessed to be an ‘error’ access request, proceed tostep 440, otherwise proceed to step 430.

Referring to step 430, in some embodiments, the DIFCO system may replyto an ‘error’ access request with a denial indication. Proceed to DONE.

It may be noted that a DIFCO system, in some embodiments, may grantlimited differentiated access to a user's ‘error’ access request. Suchdifferentiated access may for example dynamically differentiallyconfigure access that presents the user with a choice to create a newaccount or to obtain assistance in remembering the user's accessvoucher.

Referring to step 440, in some embodiments, the DIFCO system maydetermine if the type of access request assessed may be ‘role 1’. If theaccess request was assessed to be a ‘role 1’ access request, proceed tostep 445.

Referring to step 445 in some embodiments, the DIFCO system maydynamically differentially configure for ‘role 1’ access, proceed tostep 490.

Referring again to step 440, in some embodiments, the DIFCO system maydetermine that the type of access request assessed may not be ‘role 1’.If the access request was not assessed to be a ‘role 1’ access request,proceed to next step querying the assessed type of the access asindicated by the ellipses. Note the number of roles facilitated by aDIFCO system may vary from 2 to N, where N is a whole number greaterthan or equal to 2.

Referring to step 480, in some embodiments, the DIFCO system maydetermine if the type of access request assessed may be ‘role N’. If theaccess request was assessed to be a ‘role N’ access request, proceed tostep 485.

Referring to step 485 in some embodiments, the DIFCO system maydynamically differentially configure for ‘role N’ access, proceed tostep 490.

Referring again to step 480, in some embodiments, the DIFCO system maydetermine if the type of access request assessed may not be ‘role N’. Ifthe access request was not assessed to be a ‘role N’ access request,proceed to DONE.

Referring to step 490, in some embodiments, the DIFCO system may providethe differentiated access resulting from dynamic configuration.

Referring again to FIG. 3 at step 370, in some embodiments, the DIFCOsystem may retain semblance(s) conveying information relative to theaccess request.

The DIFCO system may retain one or more such “residual semblance”continuously for a duration of two or more assessments such thatinformation available at a given assessment may be conveyed viasemblance(s) such that it may be available as well at a subsequentassessment. Additionally, such a residual semblance may be transformedby successive assessments. For example, such a persistent residualsemblance might convey the source IP address corresponding to the mostrecently assessed access request. Continuing with this example, a set ofsuch residual semblances might provide a history of source IP addressescorresponding to access requests for a given account. Alternatively,such historical information might be conveyed as a list in a singleresidual semblance that is updated for each new access request for thegiven exemplary account.

Referring to step 390, in some embodiments, the DIFCO system may receivezero or more semblance(s) from remote sources. Such a remotely sourcedsemblance(s) may for example convey the source IP address(es) for anongoing DOS attack against another DIFCO system.

In some embodiments, a primary utilization of a DIFCO system may be toassess the relative security threat posed by a given access request. Insome embodiments, during the assessment process, a DIFCO system mayutilize gradation along a scale between illicit and licit so as tocorrespond to some amount of uncertainty prior to completion of theassessment. Individual semblances utilized in such assessments, may beweighted such that some semblance may have a greater influence on agiven assessment than some other semblance(s).

In some embodiments, the assessment of the role of a given valid accessrequest may have differing outcomes (e.g.,—one of multiple possibleassessed roles) based on the semblance(s) influencing the assessmentprocess. In some embodiments, a measure of relative certainty in a givenassessment may be retained—individually or perhaps in aggregate withother such relative certainty measurements—to provide a semblance for afuture access request assessment. Additionally, such a “retainedassessment” may be refined or transformed in the process of anassessment.

In some embodiments of a DIFCO system, the assessment of theaccount-specific role corresponding to a given access request may bebinary: either ‘risk’ (i.e., illicit) or ‘okay’ (i.e., licit). A givenDIFCO system, in some embodiments, may utilize semblances to helpdistinguish a potential ‘risk’ access request from a potential ‘okay’access request. A DIFCO system may over time accumulate multiplesemblances specific to given user or user account. Semblances may varyin nature, may have one or multiple sources (e.g., a source(s) externalto the DIFCO system such as a third-party identification authority) andmay vary in importance in the process of assessing a given accessrequest. Assessment of an access request—e.g., as ‘risk’ vs. ‘okay’—maybe embodied in many ways, but the consequences resulting from theassessment of a ‘risk’ access request may be markedly different fromthose of traditional access control regimens which completely denyillicit access requests, thereby effectively signaling detection to thepotential bad actor making that illicit access request and therebyunwittingly helping them to improve their hack via deduction andelimination. Instead, a DIFCO system may allow differentiated access for‘risk’ access requests—rather than block or deny such accessrequests—such that the thusly accessed service and/or data may bedynamically differentially configured to differ from the normal serviceand/or normal data requested.

By way of analogy, picture a safe deposit box leased to a bank patronnamed Alice and protected by a door which can be opened by a specificlicit key—i.e., Alice's key. Additionally, a bad actor possesses a‘skeleton’ key that is not a duplicate of the licit key, but which alsocan open the door to Alice's safe deposit box. Furthermore, the lock ofthe door is devised to uniquely recognize the specific licit key, and ifany other key is inserted, it is detected as not being the specificlicit key. Turning such a detected not-licit key in the lock causes thelicit safe deposit box to be whisked away before the door opens andreplaced with a different safe deposit box that appears the same, butwhich has somewhat different contents. Note that the different contentsmay perhaps be only slightly different than those in the licit safedeposit box or they may range all the way to wholly different. Incontrast, turning the lock with the licit key and opening the doorcauses no such whisking and therefore exposes Alice's licit safe depositbox and its contents. (It should be noted that a bad actor may steal orcopy the licit key or coerce Alice to open the door with the licit key).With a DIFCO system the analogous ‘keys’ are access requests (perhapscombined with semblances) and the ‘contents’ are differentiallyconfigured service and/or data accesses.

As a further example, a DIFCO system may be operating standalone (asopposed say to actively interoperating as one of several distributedinteroperating systems) within a DIFCO Ecosystem 100—perhaps integratedwith the operating system of an Accessing Communicator device such as adesktop computer system 119. The exemplary user Alice (not shown) may beattempting to log-in on that computer in order utilize the computer—sayoff-line initially, but perhaps later communicating over a WAN 140 toaccess remote services. Alice may enter an access voucher—say a usernameand a secret password.

Referring once again to FIG. 3 at step 310, in some embodiments, theDIFCO system may receive an access request—i.e., Alice's log-in requestincluding her username/password access voucher.

Referring to step 330, in some embodiments, the DIFCO system may verifythe validity of the access voucher. In this example, Alice has enteredher username/password correctly. It is verified by the DIFCO system andher access voucher is determined to be valid. Additionally, her accountcorresponding to her access request is identified utilizing the usernameportion of her access voucher. The validity of Alice's access voucherand the identification of her account are conveyed in a semblance.

In some embodiments of a DIFCO system, the ‘handle’ associated with auser of a given account may differ from any username that the user mayutilize as an access voucher to access that account as may be wellunderstood by one skilled in the art. For example, Alice may use thehandle ‘Alice’ in association with her Gmail account such that her emailaddress (in the typical format ‘handle@domain’) is Alice@gmail.com.However, the username for access to her Gmail account may be‘funnygirl’. As a consequence, a bad actor who knows Alice's handlecan't assume that her username is the same as that handle. In someembodiments of a DIFCO system, a user may not be allowed to have anidentical handle and username associated with a given account.

In some embodiments, a DIFCO system may provide dynamically configureddifferentiated access to the service(s) and data of a given account tomultiple users of that account (e.g., licit ‘okay’ users and/or illicit‘risk’ users) based on a valid access voucher as well as pertinentsemblance(s) (i.e., related to such an access request and/or to thataccount). Such multiple users may utilize different access vouchers toaccess such a given account wherein each user's different access vouchermay correspond to a different dynamically differentially configuredaccess. Additionally, two or more users may share use of the same accessvoucher for a given account such that each user may gain the samedifferential access (dynamically configured per access). However, insome embodiments of a DIFCO system, an access request concurrent with asecond access request (or an ongoing access) utilizing the same accessvoucher for a given account may be detected by a DIFCO system such thata semblance conveying such an occurrence may be created. Furthermore,such a ‘concurrent accessing’ semblance may, in some embodiments, resultin an assessment of such a detected concurrent access request such thatthe access corresponding to that request is differentially configured soas to differ from the other concurrent access(es).

Referring to step 340, in some embodiments, the DIFCO system may assessAlice's access request wherein such assessment may be facilitated by oneor more semblances (such as semblance(s) conveying previously observeduser and account history and/or remotely sourced semblance(s) as well assemblance(s) resulting from validating Alice's access voucher). Theresult of such assessment may be the deeming of the type of the accessrequest analyzed—e.g., ‘okay’ or ‘risk’ (or ‘system-menacing’ or‘error’, etc.). In this example, Alice's access request is deemed ‘okay’

In a given assessment by a DIFCO system, the deeming of an accessrequest may be affected by one or more semblances. For example, thedeeming of a ‘system-menacing’ access request—e.g., part of a DOS attackor some other form of system hacking—may be facilitated by semblance(s)conveying the likely occurrence of an attack and information such as IPaddress(es) relating the access request to the likely attack. Further byexample, the deeming of an ‘error’ access request may be facilitated bysemblance(s) conveying for example a sub-risk threshold count of recentprior ‘error’ access request(s) for the username associated with theaccess request (i.e., above that sub-risk threshold count such an accessrequest may be deemed ‘risk’ as may be well understood by one skilled inthe art). (Or perhaps deeming an ‘error’ access may be facilitated bysemblance(s) convey that the password/username associated with thedeemed ‘error’ access request matched no valid username/passwordcombinations. Additionally, the deeming of an ‘okay’ access request maybe facilitated by semblance(s) conveying for example that thepassword/username associated with the access request validly matched alicit password/username combination. Furthermore, the deeming of a‘risk’ access request may be facilitated by semblance(s) conveying forexample that the password/username associated with the access requestvalidly matched a ‘risk’ access password/username combination.

Referring to step 350, in some embodiments, the DIFCO system may grantor deny the access request based on the result of the assessment of thataccess request. If granted (which it will be in this example for Alice),such access may be dynamically differentially configured such thataccess may be provided to an at least one differentiated service and/ordifferentiated data as is further illustrated in FIG. 5.

In some embodiments, a DIFCO system may dynamically differentiallyconfigure access to services and/or data such that an access requestassessed to be a ‘risk’ type may be prevented from accessing sensitivedata or operation of sensitive services that may expose or alter suchsensitive data. An ‘okay’ access request may be provided dynamicallyconfigured differentiated access to normal service and normal data.‘System-menacing’ and ‘error’ access requests may be blocked fromaccess. So for example, a DIFCO system may receive an access requestthat nearly matches a valid username/password combination and thereforemay be assessed to be an ‘error’ access request. Rather than allowingdifferentiated access as if this were an attempted ‘risk’ access request(which it might in fact be), such an assessed ‘error’ access request maybe responded to with an access denial message for the requester. If theassessed ‘error’ access request were in fact an attempted illicit accessrequest from a bad actor, that bad actor might gain information oflimited use as it might not be apparent whether the username or thepassword was mismatched.

Note that FIG. 5 illustrates an N=2 (i.e., ‘okay’ and ‘risk’) instanceof the embodiments illustrated in FIG. 4. Therefore, the steps in commonwith FIG. 4 are labeled with 4xx label numbers.

Referring to FIG. 5 at step 410, the DIFCO system may further processAlice's access request. If the access request was assessed to be a‘system-menacing’ access request, the DIFCO system may forgo providingaccess of any sort—effectively discarding the access request with noreply to it—and proceed to DONE.

Referring to FIG. 5 at step 420, the DIFCO system may further processAlice's access request. If the access request was assessed not to be an‘error’ access request, proceed to step 550.

Referring to FIG. 5 at step 430, the DIFCO system may reply to an‘error’ access request with a denial indication. So for example, ifAlice had mis-entered her access voucher, a notifying message might bedisplayed on Alice's device screen. Proceed to DONE.

Referring to step 550, the DIFCO system may further process Alice'saccess request. If the access request was not deemed to be a ‘risk’access request, proceed to step 560.

Referring to step 555, the DIFCO system may dynamically differentiallyconfigure ‘risk’ access such that some or all service(s) and/or datathat Alice may normally use may be protected from access. So forexample, if Alice's prying boss Ned had coerced Alice to log into heraccount she might have entered a valid access voucher intended by Aliceto result in a ‘risk’ access request assessment. Proceed to step 490.

Referring to step 560, the DIFCO system may further process Alice'saccess request. If the access request is assessed not to be an ‘okay’access request, proceed to DONE.

Referring to step 565, in some embodiments, the DIFCO system maydynamically differentially configure ‘okay’ access for Alice. So forthis illustrative example of Alice logging into her account to utilizeit normally, her correctly entered valid access voucher intended to beassessed as an ‘okay’ access request has succeeded in doing so. Proceedto step 490.

Referring to FIG. 5 at step 490, in some embodiments, the DIFCO systemmay provide Alice the differentially configured access to service(s)and/or data. Proceed to DONE.

Referring back to FIG. 3, continuing at step 370, in some embodiments,the DIFCO system may convey information incidental to the access requestas semblance(s) for potential use in assessment of future accessrequests. So for example, the DIFCO system may update semblance(s)conveying use history of the protected system—e.g., user and accounthistories. With each processed access request and correspondingdynamically differentially configured operation of the protected system,the DIFCO system may accumulate additional semblance-conveyed data thatmay used in subsequent assessment of access requests. However, during aDOS attack, such incidental information retention may for example belimited to tabulating the IP address and incrementing a correspondingrecurrence counter as may be well understood by one skilled in the art.

Referring to step 390, in some embodiments, the DIFCO system may receivezero or more semblance(s) from remote sources.

The ever-changing content that is shared via social media (or say email)combined with the often-evolving groupings of individuals who haveshared access to varying amounts of that content, make it very difficultfor a DIFCO system to protect sensitive/personal/data in a given licituser's account—especially when that data has been shared even to alimited degree. An illicit user who has coerced a licit user to provideseemingly ‘okay’ access to the licit user's account may often have someknowledge of the protected/sensitive data in that account. In fact, theymay be looking to expose that data in order to cause trouble for thelicit user. Additionally, over time many users—both licit andillicit—will become familiar with how a given DIFCO system providesdifferentiated access.

Consequently, it may become more and more difficult to deceive acoercive illicit user to believe that they have access to the coerceduser's normal data in instances when the coerced user has actuallyprovided a ‘risk’ password thus resulting in ‘risk’ access. Asubstitution for or hiding of personal/sensitive data may be a deadgiveaway. Another dead giveaway may be the modification or proscriptionof some services. The coercing illicit user may for example haveextensive training in the use of the specific DIFCO system beingbreached—perhaps the illicit user is an IT professional. Instead ofprotecting the coerced licit user, that coerced user's situation may bemade worse.

Accordingly, in some embodiments, a DIFCO system may retain and utilizesemblances conveying historical use patterns for a given account suchthat divergences from anticipated use patterns may alert the DIFCOsystem and cause it to impose partial or complete lock-outs as acomponent of differentiated access. Such lock-outs may thusly be imposedfor a given account corresponding to an ‘okay’ access request as well asfor a given account corresponding to a ‘risk’ access request. In thisway, for a ‘risk’ access, the differentiated service may includeintentional lock-outs. However, because intrusive use during an ‘okay’access may cause the same sorts of lock-outs, an illicit user may beleft with the ambiguity of having too little information to distinguisha ‘risk’ access from an ‘okay’ access—i.e., was the illicit user trickedinto a ‘risk’ access or did the illicit user's own intrusive blunderingcause a lock-out during an ‘okay’ access?

Furthermore, such a DIFCO system lock-out during an ‘okay’ access mayprovide protection from bad actors that may request ‘okay’ accessutilizing a licit username/password combination—for example, obtained bysurreptitious means such as over the shoulder observation or key-presslogging by malicious software infecting the licit user's device as maybe well understood by one skilled in the art.

In some embodiments, a DIFCO system may utilize the pre-occurrence ofspecific events conveyed in semblance(s) and/or the absence of suchpre-occurrence of specific events conveyed in semblance(s) as anindication(s) and/or an inference(s) that may affect the assessment of agiven access request. In the instance of absence of the pre-occurrenceof events conveyed in specific semblance(s), a DIFCO system may createor otherwise infer a semblance(s)—at the time of an access requestassessment—conveying indication(s) of such absence so as to be utilizedin that assessment and/or subsequent assessment(s).

So for example, an access request utilizing Alice's nominally licitusername/password combination may actually be assessed as a ‘risk’access request if she has failed to text something to a specific number(i.e., provided an out-of-band pre-qualifying semblance). Such aneffectively pre-qualifying semblance may have a “time-to-live” enforcedby the DIFCO system such that a stale pre-qualifying semblance may beprevented from unintentionally persisting indefinitely as may be wellunderstood by one skilled in the art. So further by example, Alice maytext any message to the specific number—say, ‘Still meeting Jim?’ within90 seconds (i.e., the time-to-live) of logging-in. The resultingpre-qualifying semblance along with Alice's subsequent timely accessrequest utilizing her licit password may result in an ‘okay’ accessrequest type assessment by the DIFCO system such that she may havenormal use of her services and data (i.e., ‘okay’ access).

Extending the example, let's assume that Alice's boss Ned may coerceAlice into logging into her account. In this instance, Alice does notsend the pre-qualifying semblance text message such that logging-in withher nominally licit username/password combination may result in a ‘risk’access type assessment by the DIFCO system such that she (acting oncommand of intruder Ned) may have ‘risk’ access (rather than ‘okay’access).

In the above example, the pre-qualifying semblance is signaledout-of-band utilizing a service other than the service about to receivethe pre-qualified access request. So in a contrasting example, apre-qualifying semblance(s) may be signaled in-band utilizing the sameservice as the service about to receive the pre-qualified accessrequest. The in-band pre-qualifying semblance may be the occurrence ofthree or more assessed ‘error’ access requests within a 2 minutetime-to-live period prior to an access request utilizing Alice's licitusername/password combination. So, if Alice makes three or moreintentional ‘error’ access requests within the time to live, hersubsequent valid access request is assessed by the DIFCO to be an ‘okay’access request. However, should Alice fail to make three or moreintentional ‘error’ access requests within the time to live, hersubsequent valid access request is assessed by the DIFCO to be a ‘risk’access request. A further refinement of such pre-qualification might forexample, require the pre-qualifying ‘error’ access request(s) to utilizea specific username/password combination, or even a sequence (perhapsordered) of specific username/password combinations

Another representative embodiment might imbue use of a keyboard's‘backspace’ key with special properties—namely, that the erased symbolsare remembered and can serve as an in-band pre-qualifying semblance,such that Alice entering her password as ‘z BACKSPACE abc’ isinterpreted as pre-qualifying semblance ‘z’ and password ‘abc’. In sucha case, if ‘abc’ is the licit password, then the meaning of ‘specifyingz before entering a licit password’ can have any of the specialhandlings described for DIFCO systems. This example of alternative,possibly silent, interpretations of otherwise ordinary user actions ismeant to convey a breadth of similar possibilities (such as a userpressing and then releasing the right-hand shift key on a keyboard) aswill be clear to one skilled in the art.

User identification mechanisms are commonly employed to protectcomputers including components thereof such as devices, programs and/ordata. Common computer access control identification mechanisms employ ausername access voucher component (such as a text string, identifier, ornumber) to uniquely identify each particular licit user, account, and/oruser role. Associated with that username is typically a single secretpassword access voucher component (such as a character string or othermachine-readable value—often encrypted). When a user seeks or thecomputer system requests authentication, the user presents the usernamewith its companion secret password. When these two components combinedare validated, the user is access-validated, and consequently, may bepermitted to operate a device, utilize a service, or otherwise performaccess-validated activities. The purpose of this structuredidentification mechanism is to inform the computer system who it is whoseeks to use the device and/or service—via the username. Further, toverify their identity, knowledge of the secret password is demanded. Thesecret password response provided by the requesting user is validated bycomparing it against secure reference data. Such a procedure is familiarto most computer system users.

However, a DIFCO system may for example innovate such a username/secretpassword regimen (as well as other regimes of user identification and/oruser account identification) as an access control mechanism bydifferentiating the access provided to a given user (e.g., licit uservs. illicit user) based on the secret password entered (in combinationwith the corresponding account-specific username also entered by thatuser). In addition to allowing differentiated access by licit usersidentified by a valid licit access voucher, a DIFCO system may allowdifferentiated access to an illicit user identified by a valid illicitaccess voucher. More generally, in some embodiments, the access voucherassociated with a given access request may be utilized by a DIFCO systemas a semblance useful in the assessment of the access request and thefacilitation of the corresponding differentiated access.

There may be many means to protect computers, components thereof,programs or data using access voucher systems, association of users andaccounts, and control of privileges and rights. In broad terms accessvoucher processes are understood as a linkage between a specific account(for example, ‘12345’), an identified person (for example, ‘Alice’), andsome private fact known only to Alice (such as a password, perhaps‘AbrahamLincoln’) or something unique to her, such as her rightthumbprint or a code generated by a cryptographic device.

In common practice Alice enters a public access voucher component (herusername), is challenged to present her secret access voucher component(her password), the two components are combined as an access voucher anda match by the user identification/authentication system of the accessvoucher results in her being granted access with permissions as set forher within the system. One may refer to this case as a “single-modeaccess voucher system”.

Alternatively, several different access voucher systems may be allowedfor users. For example, mobile telephones increasingly facilitate usersto be access voucher validated using a password (often a numeric PIN),by drawing a pattern on the screen, or with biometric means such asfacial recognition or fingerprints. When two or more alternative accessvoucher systems are allowed, one may refer to it as a “multiple-modesaccess voucher system”.

In an aspect of the present invention—“multi-username” mechanisms—aDIFCO system, in some embodiments, may extend common single-mode accessvoucher systems to a DIFCO system multiple access voucher enhancement byremoving uniqueness expectations so as to allow more than one usernameto be distinguishingly associated with a single user account or ID. Inthe example above, account 12345 has the single associated username‘Alice’. In such an enhancing extension, for a given account, it isallowed to have multiple usernames that are valid, for example, Alice,Johnson, and AliceJohnson, each associated with account 12345. Suchusernames may function ‘distinguishingly’ in the above example in thatwhile the alternate usernames equally indicate account 12345, which oneis used is noted and recorded as a semblance—i.e., the user associatedwith account 12345 presented username ‘Johnson’ which is #2 of the validones. It should be noted, that multi-username access voucher mechanismsencompass user account access vouchers of all varieties—public, secretor otherwise—including, but not limited to usernames.

In a further aspect of the present invention—“multi-password”mechanisms—a DIFCO system, in some embodiments, may extend commonsingle-mode voucher systems to a DIFCO system multiple access voucherenhancement by removing uniqueness expectations to allow multiplepasswords, PINs, drawings, or other elements of secret knowledge orpersonal identity (fingerprints as an example) to be distinguishinglyassociated with a username. In our example of account 12345 and usernameAlice, that username could be associated with multiple fingerprintpatterns, passwords, or other identity mechanisms to provide amultiplicity of access voucher. For example, username Alice and passwordAbrahamLincoln could be an valid access voucher pair as could usernameAlice and password GeorgeWashington. Such passwords may be‘distinguishingly’ interpreted in the above example in that while thealternate passwords equally access-validate the user Alice, which one isused is noted and recorded to be used as a semblance—i.e., the userassociated with username ‘Alice’ presented the password‘GeorgeWashington’ which is #2 of the valid ones. It should be noted,that multi-password access voucher may be embodied utilizing accessvoucher of all varieties—secret, user-unique (e.g., biometrics) orotherwise—including, but not limited to passwords.

In an additional aspect of the present invention—“multi-voucher”mechanisms—a DIFCO system may, in some embodiments, distinguishinglyinterpret a user's choice to utilize one of multiple allowable accessvoucher mechanisms. Such a user's choice of access voucher mechanismsmay be ‘distinguishingly’ interpreted in that while the alternatechoices of multiple allowable access voucher mechanisms equallyauthenticate the user Alice, which mechanism is used is noted andrecorded to be used as a semblance. The multiple allowable accessvoucher mechanisms envisioned here may for example come from: extendedand enhanced single-mode access voucher systems (as described in the twoaspects of a DIFCO system—i.e., multi-password andmulti-username—detailed in the paragraphs above); use of an alternativemultiple-modes access voucher system; or the use of more than one accessvoucher system of any kind.

In yet another aspect of the present invention—“combined-voucher”mechanisms—a DIFCO system may, in some embodiments, distinguishinglyinterpret a user deliberately sending two or more access vouchers in asequence—either as a single access request or in a plurality of accessrequests—where the combined sequence is intended as a signal from theuser and where each access voucher in the sequence utilizes a specificone of multiple allowable access voucher mechanisms as a component ofthe signaling. The signal is encoded across multiple access requests,first using one voucher mechanism and then using another mechanism andso on, such that the sequence of mechanisms is recognized by the DIFCOsystem and it is their combination that is utilized to derive thesignal. Such combined access vouchers may be ‘distinguishingly’interpreted in the above example in that while the user may utilizemultiple allowable access voucher mechanisms in sequence, the combinedsequence of access voucher mechanisms is detected, and the intendedsignal is decoded, noted and recorded to be used as a semblance. Thisutilization of multiple access vouchers in combination, includingperhaps two or more separate secrets, exhibits greater complexity andtherefore more security from hacking than a single access requestutilizing a single corresponding access voucher.

Furthermore, in some embodiments of the multi-voucher aspect, some ofthe access voucher types may be repeated in sequence rather than alwaysvarying in type.

Additionally, in some embodiments of the above multi-voucher sequence,the order of use within the sequence of allowable access vouchermechanisms may also be intended by the user as a signal and beaccordingly distinguishably interpreted by a DIFCO system. For example,‘use your password first and only then press your finger to the sensor’.Furthermore, in some embodiments this multiple access voucher use couldbe specifically concurrent—for example, forming a ‘chorded keyensemble,’ such as holding a finger over a phone's camera whileconcurrently pressing the fingerprint sensor with a finger.

Additionally, in some embodiments, a combined-voucher mechanism may beaugmented utilizing combinations of distinguishable ‘non-voucher’mechanism(s) such as: the number of access requests, the temporalseparation of access requests, the pattern of alternating access voucher(perhaps independent of the specific content of the access vouchersthemselves), and similar intentional access-request-related sequentialactions that may be utilized in combination with access vouchermechanisms.

Furthermore, in some embodiments, a DIFCO system may interpret amulti-voucher sequence—say ‘A’ followed in sequence by ‘B’—as a kind ofcombined access voucher ‘AB’. In making the sequential access requests,the access voucher ‘A’ might be assessed and treated as an ‘error’access request but also noted in a semblance—‘access voucher A justseen—combine A with the next access voucher seen for this account’. So,when the access voucher ‘B’ is next attempted for the same account, theassessed access voucher would not be ‘B’, but rather the combined accessvoucher ‘AB’. The result is a marked improvement in secrecystrength—i.e., the secrecy strength of the two access vouchers takenindividually are multiplied together for the combined strength. So forexample, a 4-digit pin can be guessed in ½ of 10000 attempts on average.Having to use a access voucher ‘1234’ before using access voucher ‘5555’means that the difficulty for a guesser goes from 1 in 10**4 to 1 in10*8.

In general, in validating a given access voucher associated with a givenaccess request (or sequence of access requests), some embodiments of aDIFCO system may detect a user signal intentionally encoded therein andmay convey information deduced from that user signal in a semblance tobe utilized in assessment. In this way, enhanced voucher mechanism(s)and/or other DIFCO-enhanced mechanisms related to an access request(s)may facilitate a DIFCO system to distinguishly' interpret an accessrequest (and associated access voucher(s)) or a related sequence ofaccess requests.

In some embodiments as detailed previously, a DIFCO system may, as aresult of the validation of an access request, and based on theassessment of that access request, dynamically differentially configureaccess to the service(s) and/or data of the DIFCO-integrated systemsubsequent to the validation and assessment but prior to the requestedaccess.

As a concrete example of such dynamic differential configuring, Alicecould use one of several usernames—e.g., Alice, AliceJohnson, orJohnson—as a component of her access voucher in an access request. Eachsuch username (each corresponding to a different user role) might causethe DIFCO system to perform a specific differential configuration basedon the corresponding validated username. For example, using the Aliceusername could thusly cause (via dynamic differentiated configuration)her computer or phone background to show personal family photos; theJohnson username could cause the display of a work-related arrangementwith business and project status; while the AliceJohnson username couldcause the display of an empty background devoid of family and workdetails suitable for accessing in public or insecure places.

Alternately, she could for example use just one username—Alice—but withdifferent passwords, say AbrahamLincoln, GeorgeWashington, andThomasJefferson to select from the three device dynamic differentialconfigurations (i.e., each password corresponding to a different ‘role’,when validated and assessed, would select for a correspondingdifferential configuration). Or perhaps, Alice might do so with thefingerprint patterns of three different digits. More broadly, any use ofvarious access voucher means, each being distinguishingly associatedwith one of the visual dynamic differential screen configurations givenas examples, is a natural case of using multiple-modes access vouchersystems to control the differential configuring of computers, componentsthereof, programs or data.

Note that utilizing differing access vouchers (i.e., in the aboveexample, the three different passwords associated with the Aliceusername) may result in correspondingly differing assessments by a DIFCOsystem—e.g., AbrahamLincoln=‘okay’, GeorgeWashington=‘risk’ andThomasJefferson=‘risk’ plus a persistent semblance to assess any futureaccess request for username Alice as ‘risk’. Additionally, suchdifferent dynamic differentiated configurations—each corresponding to adifferent access voucher for a given account—may enable a positivelyenhanced experience as opposed to a deceptive one. So for example, in asocial-networking service integrating a DIFCO system, each of themultiple differing passwords (or like means) could serve as a signalrequesting access differentiated in effective by user role. So forexample, the access dynamically differentially configured correspondingto a given access voucher may in effect correspond to the guise ofvarious personas, or personal facets, such that the password used shapesthe experience, network of connections, and visible contentaccessed—based on user roles or facets of life such as ‘daddy’,‘husband’, ‘colleague’, or ‘official’.

In some embodiments, a DIFCO system may be utilized indirectly by agiven user effectively selecting from a remotely stored ‘menu’ of accessvouchers. Such a selection of access vouchers may, for example, bemaintained by a centralized security service system 230 as describedpreviously above. Utilization of a given access voucher (correspondingto a specific user role) may for example be based on user selection of aservice (e.g., log-in to Twitter) corresponding to that access voucher(e.g., username/password for the user's Twitter account). A ‘master’access voucher (i.e., utilized by the user to gain access to theservices of centralized security service system 230 may additionallyserve in essence as a master access voucher to which theuser-role-specific access vouchers are effectively subordinate. Sofurther by example, the user-role-specific access vouchers may beusername/password combinations used for logging into various of theuser's interne accessed service accounts. The user may then for exampleselect from a menu of services—say: GOOGLE+, Facebook, Twitter, Linkedlnand Dropbox—and the centralized security service system 230 mayautomatically conduct the log-in for that user-selected serviceutilizing the corresponding username/password access voucher.

In some embodiments, an access voucher may utilize the format:‘roleID/secret-account-ID’. So for example, the ‘roleID’ may correspondto the user's role—and in effect select for specific dynamicdifferentiated access—as discussed previously above; and thesecret-account-ID may combine the functions of a unique user ID (in thiscase secret) and secret password.

Another example of extending the utilization of passwords involves acash withdrawal from an automated teller machine integrated with a DIFCOsystem. In this example the ‘username’ is the user's account numberpresent in the banking card and the ‘password’ is commonly a four digitnumeric code known as a Personal Identification Number, or PIN. Theextension of passwords by the present invention may, for example, allowfor users to create multiple valid PIN numbers and associate dynamicdifferential configurations (each potentially with subsequent resultingactions) with the various PIN numbers. For example, envision a ‘regular’PIN, the use of which would dynamically differentially configure the ATMmachine to operate in the normal manner, as well as an ‘emergency’ PIN,the use of which is a signal to dynamically differentially configure themachine to operate in a dynamically differentially configured manner tothe benefit of a user who is being forced to withdraw money by a robber.Here are some exemplary dynamic-differential-configuration-resultingactions of the ATM machine: cause the machine to dispense money slowly;cause the machine to cause the bank to alert the police about therobbery; cause the machine's camera to record continuously; cause themachine to activate an audio recorder; cause the machine to photographserial numbers of bills dispensed; cause the machine to issueforensically tagged money from a special internal container. Any or allsuch actions resulting from dynamic differential configuring by a DIFCOsystem could potentially be directed simply using the emergency PIN asopposed to the regular one.

A further potential utilization of dynamic differential configuring isnaturally explained through this example, namely, the dynamicdifferential configuring of the user's bank account data based on theuse of the emergency PIN. One might imagine that showing a very largebalance could encourage kidnapping and ransom demands, so the display ofa large actual balance could worsen a robbery situation, just as themachine's failure to accept the proffered PIN could lead to violence.Therefore, using the emergency PIN could cause the account balance to bedynamically differentially configured to appear as a small figure,perhaps $153, that could still be withdrawn but would not alert thecriminal to a potential million dollar bounty in the actual balance.

Yet another example of the present invention shows the breadth of itsapplicability to upgrade the security of existing access vouchersystems, for example, to enhance the security of single-mode accessvoucher systems. Some secrecy measures may be more resistant to defeatthan others, these may be referred to as “stronger” means as compared to“weaker” ones. A simple example is longer (stronger) vs. shorter(weaker) passwords, or passwords drawn from symbol alphabets of greatervs. smaller cardinality ('alphanumeric plus punctuation' vs. ‘lowercase’). The present invention may be utilized as an upgrade such that anexisting access voucher system may continue to use weaker passwords andyet provide greater protection and thusly achieve a significant securityimprovement at limited cost. So for example, security mechanisms for ATMcards might still utilize a 4-digit PIN, but be upgraded to enjoy theadded security features detailed in the several dynamic differentialconfiguring examples above (e.g., multi-access voucher mechanisms).

In another example of upgrading an existing access voucher system, aDIFCO system might enable several relatively weak ‘error’ passwords toprotect one or more stronger ‘okay’ passwords from a bad actorattempting to enter the ‘okay’ password by repeated guessing. Referringto the ‘AbrahamLincoln’ password example, one could create multipleweaker ‘error’ passwords such as Abraham, Lincoln, or Abe. The dynamicdifferential configuring that may result for these weaker ‘error’passwords could be utilized to lock the device (perhaps until such timeas a special recovery password was used); to report rogue passwordattempts; to take and report a stealth ‘selfie’ photograph of thecriminal; and/or to report the location of the device. This ‘minefield’of weaker ‘error’ passwords need not be related to the stronger ‘okay’password(s) as in ‘Abe’ to ‘AbrahamLincoln’. Optimal weak passwordsmight well be chosen instead from among guesses often used by those whoattempt to defeat the integrity of access voucher systems, with valuessuch as ‘PASSWORD’, ‘ADMIN’, ‘GUEST’, ‘1234’, qwerty', and the like.This facility of a DIFCO system builds on the observation that 50% ofusers are known to employ one or more of the top 25 most commonly usedpasswords, so using them as ‘minefield’ values is in anticipation of thevalues that intruders are likely to try first. As a unique virtue of theDIFCO system, dynamic differential configuring converts these dangerouseasily guessable passwords into a strong defensive mechanism.

Expanding on the previous example of using sacrificial passwords as asecurity-enhancing mechanism, one may further envision a much broaderuse of a password minefield—i.e., a ‘ubiquitous minefield’—where everypotential password value other than the one or more ‘okay’ passwords isintentionally validated as a ‘risk’ password. Such a sacrificialpassword may be termed a ‘ubiquitous minefield password’. In this mode,every access request is ‘successful’ in the sense of being accepted, butevery password other than the one or more ‘okay’ passwords leads to a‘risk’ dynamic differential configuration where the ‘risk’ user has thesense of initial success, but is in fact fully confined to a ‘walledgarden’ where they can do no harm (other than to modify data and/orservices limited to that ‘walled garden’ and that may persist so as tobe apparent to a subsequent ‘risk’ access).

As an example, in instances of a fingerprint used as an access voucher(or a component thereof), this ‘ubiquitous minefield’ might have theresult that every finger would unlock a smart phone, say, but all butthe owner's fingers would cause the phone to record the fingerprint andforward it to the police or FBI while opening the phone into a ‘walledgarden’ mode from which none of the phone owner's data may be exposedand no malicious actions may be taken. Or, perhaps as a lure, one ormore phone calls could be made where the number called, time of day ofthat call, as well as the ‘risk’ user's voice would be recorded and sentto police as forensic evidence.

A prior analogy described a hypothetical DIFCO safety-deposit boxscenario where the licit key delivered the normal contents and theillicit skeleton key delivered a different box, perhaps empty or perhapsalmost the same. Under the scenario of the present ‘ubiquitousminefield’ example, the box would open with any key whatsoever, yetstill, only the owner's key would reveal the ‘okay’ contents while theuniverse of other possible keys would yield the ‘risk’ contents. In thisanalogy, one might exchange the security of ‘those keys that fit thelock may or may not open the box’ for the security of ‘all keys fit andopen the lock, but only a few keys lead to the box owner's actual box’.This analogy illustrates how dynamic differential configuration is initself a robust security mechanism; and furthering the analogy, how aDIFCO system may make a full range of keys—from two keys up to allkeys—into a secure posture.

In a further refinement of a ‘ubiquitous minefield’, a DIFCO system, insome embodiments, may recognize the potential mis-typing of an ‘okay’password and deduce such a potentially mis-typed password to be anon-valid ‘error’ password rather than the assumed ‘risk’ passworddescribed above. Such a refinement, may slightly decrease the set ofpotential ‘risk’ passwords, but may avoid annoying a ‘fat-fingered’licit user.

Civil aviation provides a further example of computerized systemsamenable to DIFCO-enhancement. The ICAO (International Civil AviationOrganization) and individual countries require that airplanes beequipped with a transponder (TRANSmitter/resPONDER) for radioidentification. Transponders reply to ATC secondary surveillance radarwith an aircraft identifier and a conspicuity code, also known as abeacon or “squawk” code. If one interprets the aircraft identifier as a‘username’ and the conspicuity code as a ‘password’, then one canunderstand how the DIFCO system could be applied to increase aviationsafety.

In present use, pilots are required to set transponder codes based onflight controller instructions or as pilot-selected flight statusindicators according to regulated meanings (7700′ for emergency, ‘7600’for radio failure, and ‘7500’ for hijacking are three of many codes).Further envisioning the ‘7500’ hijacking case, one may observe that thesetting is visible to a hijacker in the cockpit even though the intendedeffect is to notify air traffic control on the ground.

Contrast the transponder in the example above with aDIFCO-system-integrated with a computerized transponder which mightinstead send a non-hijacker-apparent ‘7500’ (or other) flight statusindicator. The operator of such a transponder might be assumed to be alicit user and the means to obtain a surreptitious setting andtransmission of code 7500 might not happen observably but rather bysurreptitious means, such as may be signaled by setting the code dialsfor any chosen code from left to right rather than right to left,. Sucha surreptitious signal may be assessed by a DIFCO-integrated transponderas a ‘risk’ access request in which case the transponder may bedynamically differentially configured such that dialed code would bedisplayed but the urgent 7500 would be transmitted by the transponderwith the hijacker unaware.

Furthermore, such a dynamic differentiated configuration of thetransponder for a surreptitious 7500 could additionally cause aDIFCO-enabled airplane to be dynamically differentially configured foranti-hijacking: fuel gauges could decline at rates greater than actualto suggest short available range, alarm sensors could be triggered tosuggest a lack of oxygen, failing engines, icing, dead instruments, orother dynamically differentially configured means to deceive thecriminal that the plane must land soon and short of its hijackdestination.

The above example of dynamic differential configuring the airplane'scomputerized systems and devices based on which of several code choicesare made (or how they are entered) further shows the broadly-applicablenature of DIFCO systems. More generally, it should be noted that a DIFCOecosystem 100 may include DIFCO systems that are airborne, maritime,deep sea, orbital or in deep space. In fact the more mission-criticalthe DIFCO system—e.g., self-driving tractor-trailer, un-manned strategicbomber, Mars robotic rover, missile-launch-detection satellite—the morepotentially valuable the enhanced security it may provide.

In some embodiments, the present invention may be utilized incombination with numerous variations of access vouchers including, butnot limited to, those discussed in the paragraphs below.

In some embodiments, a DIFCO system may utilize two valid passwordscorresponding to a given username, one primary and one secondary, thesecondary being a transliteration of the primary based on keyboardlimitations. So for example, the primary password may be a ‘standard’alphanumeric password and the secondary password may be a correspondingreduced password associated with a reduced capability keyboard such as aphone keypad. So, for example, the primary password may have the value‘ABCD’ and the secondary password may utilize an equivalent series ofnumbers corresponding to these letters as labeled on a telephonekeypad—i.e., ‘2223’.

In some embodiments, a DIFCO system may utilize temporal variation inuser authentication. For example, the DIFCO system may utilizesuccessive (and potentially cyclical) selection through an ordered listof password alternates as a strengthening security measure. Suchalternation of passwords may by analogy be compared to the alternationof encryption keys used in successive one-time pad encrypted messages asmay be well understood by one skilled in the art. This strengtheningsecurity mechanism thusly associates a successive series of secretpasswords with one account so as to prevent malicious observation fromcompromising password protection,

In some embodiments, a DIFCO system may facilitate use of multiple validpasswords for a given valid username to selectively enable an inclusivesequence of increasingly powerful operational authorities. Such a seriesof valid passwords may facilitate access to an inclusive series ofsecurity realms: valid password P1 facilitates accessing realm R1 (say abank lobby); valid password P2 facilitates accessing realms R1+R2 (lobbyand deposit boxes); valid password P3 facilitates accessing realmsR1+R2+R3 (lobby, deposit boxes, and vault). Such security realms may beinclusive, representing not selection as in ‘P1=R1, P2=R2, P3=R3’ butrather ordered aggregation, as in ‘P1=R1, P2=R1+R2, P3=R1+R2+R3’.

In some embodiments, a DIFCO system may utilize multiple passwords toselectively enable a tree-structured hierarchy of increasingly powerfuloperational authorities wherein a tree structure of rights may betraversed based on the hierarchical ranking of a given passwordresulting in aggregation of authorities along the path between the rootnode and a specific password-identified node in the tree. (Analternative embodiment may utilize a linear list of increasing andinclusive authorities).

FIG. 6 illustrates user interfaces that may facilitate users—those usersrequesting differentiated access from a DIFCO system—to enter accessvoucher(s). FIG. 6 provides an exemplary screen 6000 to illustrategraphical user interfaces that different users may utilize to enterdiffering access vouchers such that each user utilizing a unique accessvoucher may request dynamically differentially configured accesscorresponding to the access voucher entered by that user.

A user utilizing exemplary screen 610 may be facilitated by a prompt 615to enter an access voucher 618.

In some embodiments, a DIFCO system may be “pervasive”—i.e., it mayfacilitate additional security mechanisms integrated within theservice-providing-system such that, for example, post log-in behavior ofa given user may be monitored for suspicious behavior(s) that mayindicate that security has been compromised either via log-in or perhapsother means. Such monitoring may result in semblances that may beretained for use in the assessment of future access requests.

Furthermore, in some embodiments, such a more pervasive DIFCO system mayinclude facilities intended to detect and operate in security-degradedenvironments. For example, a pervasive DIFCO system may be integrated ina laptop computer system that has been compromised by malware that mayinterdict and/or alter communication between that laptop computer andremote systems. Or perhaps, the compromise is remote, but in the path ofcommunications—say a compromised home router. The pervasive DIFCO systemmay for example detect irregularities in communications with remoteDIFCO systems that provide semblances or perhaps changes to or deletionof a local file used to store accumulated semblances. Such detectedsuspicious circumstances may cause such a pervasive DIFCO system to takevarious measures such as transmitting security alert(s) to remotesystem(s), displaying security alert(s) on the laptop computer's screenor perhaps actively protecting resources on the potentially compromisedlaptop.

In some embodiments of a DIFCO system, access requests may beinstance-specific and have no persistence. For example, such aninstance-specific non-persistent access request may be a request to reada specific item of data from a DIFCO system-integrated data base server.Any such access granted as a result of such an instance-specificnon-persistent access request would be one-time—not allowing forsubsequent accesses relying on that access request. Furthermore, eachsuch instance-specific non-persistent access request may include (or insome fashion reference) an associated access voucher—for exampleincluding an encrypted token.

In some embodiments, a DIFCO system may facilitate the creation andmanagement of a given account—perhaps via account management user toolsutilizing a menu driven graphical user interface (not shown). Such aDIFCO system enabled account management facility might be utilized by anauthorized administrative user to create and manage a set of accessvouchers for a given account as well as defining and associatingcorresponding types of access and associating access vouchers withindividual types of access. For example, a DIFCO system may provideaccount management user tools allowing an account's owner to defineother types of differentially configured access (perhaps via a checklistof ‘permissions’ and ‘prohibitions’) for that account and associate acorresponding access voucher(s) with each of those created access types.In some embodiments, access types may be pre-defined such that anaccount owner might associate an access voucher with a given access typeselected from a menu of pre-defined access types. Furthermore, such anaccount facility might enable an account owner to define rules for thevalidation of access vouchers and the assessment of access requestsincluding rules for acquiring and utilizing semblance(s) in a givenassessment. In some embodiments, DIFCO system account management usertools may enable user apparent logical constructs such as ‘roles’ andcorresponding ‘role-specific’ configuration.

In some embodiments, a DIFCO system may facilitate account-specific userconfiguration of such a DIFCO system and/or a service-providing systemintegrated with such a DIFCO system. In some embodiments, such userconfiguration may include choice of: an access voucher system; anemergency-signaling access voucher; and the related ‘what actions aretaken by the DIFCO system when an emergency-signaling access voucher isentered’ (e.g., notify the police). For example, such emergency-signaledactions may be selected from pre-configured ‘standard’ options (e.g., inthe case of an ATM emergency PIN, ‘notify the bank and police’, or theymay be custom defined by the user (or others on the user's behalf).

In some embodiments, some aspects of configuring a DIFCO system and/or aservice-providing system integrated with such a DIFCO system may berequired for some or all users (and perhaps configured by an authorizedadministrative user). For example, for users within an organization(e.g., a business or other controlling entity) certain configuration(s)may be mandatorily standardized for most or all users. Further byexample, such a user may be required to define a ‘doomsday’ passwordthat may cause a DIFCO system-integrated device (e.g., a smart phone) tologically or physically disable its operation and encrypt or delete itsdata so as to protect organization-sensitive or legally protectedinformation (such as HIPAA protected data, client-privilegeddisclosures, judicial notes, or Secret, Top Secret, SCI, and ECIinformation).

In the foregoing discussion of various potential embodiments of thepresent invention, passwords and usernames may have been utilized aseasily relatable examples of access vouchers. However, embodiments ofthe present invention may utilize a myriad of user identifyingmechanisms and techniques including, but not limited to encryptedhandshakes, certificate exchanges, utilization of trustedintermediaries, biometric measurement, as well as other means ofidentification—utilized individually and/or in combination.Additionally, access vouchers may be supplemented by and assessedutilizing one or more semblances. Instances of semblances described inthe above discussions were provided as examples only. Embodiments of thepresent invention may utilize a variety of semblances—both individuallyand cumulatively—that may be directly measured (e.g., utilizingsensors), inferred (e.g., using statistical prediction based on priorbehaviors) or otherwise acquired, derived and/or deduced. Accessvouchers and semblances as illustratively described may facilitatevisualizing embodiments of the present invention, however, they providedetails of exemplary mechanisms that may achieve the larger goal ofassessing more than one type of access request such that differentaccess request types may be granted dynamically differentiallyconfigured access wherein the accessed computer services and/or data maybe differentiated based on assessed access type.

In accordance with various permutations of possible embodiments, it iscontemplated that the potential hierarchies of role relative toassessment result type are inconsequential to the spirit of the presentinvention. In some embodiments, roles and assessment result type areused interchangeably. In some embodiments, role and assessment resulttype may also be independent or partially dependent relative to eachother. For example, a role may be the essential determinant of a givenassessment result type (e.g., ‘account-owner’ where ‘account-owner’ is arole); or a role may be the primary determinant of a given assessmentresult type along with other ancillary determinant(s)—i.e., hierarchicalsub-determinant(s)—(e.g., ‘boss/risk’ where the role ‘boss’ is theprimary determinant and ‘risk’ is an ancillary determinant); or a rolemay be utilized as an ancillary determinant of a given assessment resulttype (e.g., ‘error/mom’ where ‘error’ is the primary determinant and therole ‘mom’ is an ancillary determinant); or a role and otherdeterminant(s) may share as essential determinants (e.g.,‘okay-boyfriend’ or equivalently ‘boyfriend-okay’ where ‘okay’ and therole ‘boyfriend’ are hierarchically equivalent (and thereforeinterchangeable) essential determinants).

Furthermore, in accordance with various permutations of possibleembodiments, it is contemplated that the potential hierarchies of‘differentially configuring’—e.g., ‘differentially configuring access’vs. ‘differentially configuring service(s) and/or data’ areinconsequential to the spirit of the present invention. In someembodiments, ‘differentially configuring access’ and ‘differentiallyconfiguring service(s) and/or data’ are used interchangeably. In someembodiments, ‘differentially configuring access’ and ‘differentiallyconfiguring service(s) and/or data’ may also be independent or partiallydependent relative to each other. For example, ‘differentiallyconfiguring service(s) and/or data’ may be accomplished in part or inwhole by ‘differentially configuring access’ to such service(s) and ordata (e.g., access to service(s) variants and/or to alternative datavalues); or, ‘differentially configuring access’ may be accomplished inpart or in whole by ‘differentially configuring service(s) and/ordifferentially configuring data’ (e.g., service(s) and/or data may bedifferentially configured so as to enable or prevent access to them).Furthermore, in a DIFCO system, differentiated access, differentiatedservice(s) and/or differentiated data may be dynamically configured,whether or not explicitly stated.

In sum, the present invention provides systems and methods fordifferentiated identification for configuration and operation. Theadvantages of such a system include the ability to limit, alter orprevent illicit accesses (e.g., accidental, malicious or otherwiseundesirable and/or unintended accesses) to sensitive computerized userservices and/or data while seemingly—but actually not—providing ‘normal’access. Such limitation or prevention may be affected by such a systemso as to be difficult to detect or to discriminate from normal unlimitedoperation—particularly automatically by computerized techniques—so as tofoil, confuse, hamper and/or deter bad actors. Furthermore, the benefitsof the present invention may apply not only to surreptitious accessattempts, but also to physically present—perhaps coerced—accessattempts. In threatening criminal situations, a DIFCO-enabled apparentlysuccessful breach as opposed to a pre-DIFCO' access denied' refusal—maybe the difference between the threatened user's life and death.

While this invention has been described in terms of several embodiments,there are alterations, modifications, permutations, and substituteequivalents, which fall within the scope of this invention. Althoughsub-section titles have been provided to aid in the description of theinvention, these titles are merely illustrative and are not intended tolimit the scope of the present invention.

It should also be noted that there are many alternative ways ofimplementing the methods and apparatuses of the present invention. It istherefore intended that the following appended claims be interpreted asincluding all such alterations, modifications, permutations, andsubstitute equivalents as fall within the true spirit and scope of thepresent invention.

What is claimed is:
 1. In a differentiated identification system, amethod for providing dynamically differentially morphed access to arequester, the method comprising: receiving an access request includingat least one differentiable voucher from a requester; assessing the typeof the received access request by considering the access request, thedifferentiable voucher and at least one semblance; dynamicallydifferentially morphing an access to at least one service or data basedon the assessment of the access request type; and providing therequester at least one dynamically differentially morphed access to theat least one service or data.
 2. The method of claim 1 wherein the leastone semblance is derived from confirming verisimilitude of the least onedifferentiable voucher.
 3. The method of claim 1 wherein the at leastone differentiable voucher is selectable by the requester from aplurality of acceptable differentiable vouchers.
 4. The method of claim3 wherein the plurality of acceptable differentiable vouchers includesat least one of a multi-username differentiable voucher, amulti-password differentiable voucher, a multi-voucher differentiablevoucher and a combined-voucher differentiable voucher.
 5. The method ofclaim 1 wherein the at least one semblance is transformed by an earlierassessment.
 6. The method of claim 1 wherein the at least one semblanceoriginates from an external source.
 7. The method of claim 6 wherein theat least one semblance originates from the external source usingout-of-band communications.
 8. The method of claim 1 wherein the atleast one dynamically differentially morphed access to the at least oneservice or data includes an account lock-out.
 9. A differentiatedidentification system for facilitating dynamically differentiallymorphed access to a requester, the differentiated identification systemconfigured to: receive an access request including at least onedifferentiable voucher from a requester; assess the type of the receivedaccess request by considering the access request, the differentiablevoucher and at least one semblance; dynamically differentially morphs anaccess to at least one service or data based on the assessment of theaccess request type; and provide the requester at least one dynamicallydifferentially morphed access to the at least one service or data. 10.The system of claim 9 wherein the least one semblance is derived fromconfirming verisimilitude of the least one differentiable voucher. 11.The system of claim 9 wherein the at least one differentiable voucher isselectable by the requester from a plurality of acceptabledifferentiable vouchers.
 12. The system of claim 11 wherein theplurality of acceptable differentiable vouchers includes at least one ofa multi-username differentiable voucher, a multi-password differentiablevoucher, a multi-voucher differentiable voucher and a combined-voucherdifferentiable voucher.
 13. The system of claim 9 wherein the at leastone semblance is transformed by an earlier assessment.
 14. The system ofclaim 9 wherein the at least one semblance originates from an externalsource.
 15. The system of claim 14 wherein the at least one semblanceoriginates from the external source using out-of-band communications.16. The system of claim 9 wherein the at least one dynamicallydifferentially morphed access to the at least one service or dataincludes an account lock-out.